On Tue, Mar 12, 2019 at 1:17 PM Bao Nguyen <baondt@xxxxxxxxx> wrote:
Hi again,

I tried to add the LDAP user in /etc/dbus-1/system.conf policy and then send signal SIGHUP to reload the configuration, also for dbus flush user cache, but dbus said that

Unknown username "ldap_demo" on element <allow>
Reloaded configuration
Hold on – why are you whitelisting individual users for systemd.GetMethod()?
I searched the source code in dbus. It will call _dbus_get_user_id_and_primary_group, then _dbus_user_database_get_system to search user ldap_demo in its database, but I am not clear how this database is built. Could you please help me with that? Is there any way to make dbus aware of the new user except restart dbus?
If I restart dbus, does it have any impact on the system?
Yes; it closes all existing bus connections, which may cause many services to exit.
Thanks,
Brs,
Bao

On Fri, Mar 8, 2019 at 5:54 PM Lennart Poettering <lennart@xxxxxxxxxxxxxx> wrote:
On Fr, 08.03.19 11:59, Mantas Mikulėnas (grawity@xxxxxxxxx) wrote:
> > dbus policy can only reference users that are available locally at any
> > time, i.e. generally system users, not human users.
> >
> >
> Hmm, but in this case, the client seems to be completely refused access to
> the bus – not just blocked by policy from sending some message. The system
> bus normally allows any user to connect (I mean, I have no problems
> accessing it from an LDAP account), so I'm not sure why the bus config
> should matter at this point.
At this point this is probably something to move to the dbus list... I
don't remember how precisely dbus-daemon authenticates stuff, I just
have a rough idea.
Lennart
--
Lennart Poettering, Red Hat
Mantas Mikulėnas
_______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel