On Thu, 2009-11-19 at 09:02 -0800, Jesse Keating wrote: > On Thu, 2009-11-19 at 10:32 -0600, Chris Adams wrote: > > Once upon a time, Jesse Keating <jkeating@xxxxxxxxxx> said: > > > That is incorrect, unless somehow your ssh tunneled VNC registers as > > > "local console login", which I doubt. In your case, none of your users > > > would be allowed to install software/updates. > > > > VNC looks like a local console login. > > -- > > Chris Adams <cmadams@xxxxxxxxxx> > > Systems and Network Administrator - HiWAAY Internet Services > > I don't speak for anybody but myself - that's enough trouble. > > > > Not according to what I'm being told by the Desktop folks, at least as > far as PolicyKit and ConsoleKit are concerned. > > <Oxf13> hrm, in the world of PolicyKit and ConsoleKit, does a VNC login > look like a "console" login for the sake of policy? > <hughsie> Oxf13: no > <hughsie> if you log in, then start remote desktop, and then allow other > users to connect then it does > <hughsie> if you're just using vnc to create a virtual desktop for users > then it's not on_console, so to speak however, see: https://bugzilla.redhat.com/show_bug.cgi?id=534047#c179 which points out that one could use x11vnc to exploit this method. As x11vnc's page says: "x11vnc allows one to view remotely and interact with real X displays (i.e. a display corresponding to a physical monitor, keyboard, and mouse) with any VNC viewer." certainly seems to fit the bill. the bugzilla comment notes that a remote user could install a copy of x11vnc in his home directory and use it to gain 'local console' access, there is no need to install it systemwide. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org http://www.happyassassin.net -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
