Re: Running pam-enabled /bin/login sessions in unprivileged terminal emulators

On So, 16.05.21 19:41, nerdopolis (bluescreen_avenger@xxxxxxxxxxx) wrote:

> Hi
>
> I am trying to experiment around replacing the text mode TTYs with usermode
> utilities.

I don't follow?

> While kmscon exists, the problem with it that I see is that it runs as root.
> It's most likely so it can run /bin/login as root, and /bin/login is not setuid.
>
> I found that doing something like (Can't fit the command in 80 chars, sorry)
>     systemd-run --setenv XDG_SEAT=$XDG_SEAT --setenv XDG_VTNR=$XDG_VTNR -t /bin/login -p
> can work in a way to run /bin/login within a non-privileged terminal emulator,
> however authentication is needed to run that command.

Hmm? XDG_VTNR is for the Linux VT subsystem, but though I don't
understand what you are trying to do, I get the impression you don't
want to use VTs? Or do you? Not following...

> First question:
> Is there a supported way to allow a system user account to run one command
> without a password prompt with systemd-run? Otherwise I guess I can just make a
> setuid binary that calls the systemd-run command...

It's PolicyKit enabled, you can allow your user to run unpriv
commands, but it's an all-or-nothing thing.

> The second thing: Things like nmtui need a full logind session to be able to
> run, and do polkit actions. However on seat0, it seems you need to decide on an
> empty TTY to use, which while you can use TTY63, that doesn't seem to be a
> 'clean' idea.

Can't parse this, sorry.

Lennart

--
Lennart Poettering, Berlin
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
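
The polkit route mentioned in the reply, sketched as an added example (not part of the original thread and not systemd's own code). The account name `vtlogin` is a hypothetical system user, and the rule would live in a file under `/etc/polkit-1/rules.d/`; it grants the `org.freedesktop.systemd1.manage-units` action, and because it cannot see which command systemd-run was asked to start, the grant is effectively root-equivalent for that account.

```javascript
// Added example: polkit rule letting one account start units via systemd-run
// without an authentication prompt. "vtlogin" is a hypothetical account name.
var TRUSTED_USER = "vtlogin";

function allowManageUnits(action, subject) {
    // systemd-run asks the system manager to start a transient unit; that
    // request is authorized under this single polkit action.
    if (action.id !== "org.freedesktop.systemd1.manage-units") {
        return undefined; // not our action: fall through to other rules/defaults
    }
    if (subject.user !== TRUSTED_USER) {
        return undefined; // everyone else keeps the default prompt
    }
    // All-or-nothing: this rule does not (and cannot here) inspect the command
    // line, so the account may start any unit with any command as root.
    // Treat the account's credentials as root credentials.
    return polkit.Result.YES;
}

// polkitd provides the global `polkit` object; the guard only lets the file
// load outside polkitd (for example under Node) for testing.
if (typeof polkit !== "undefined") {
    polkit.addRule(allowManageUnits);
}
```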


