On Sa, 22.05.21 13:50, Pekka Paalanen (ppaalanen@xxxxxxxxx) wrote: > All in all, this stack would replace the usual stack where > /bin/login runs directly on the TTY of a VT, allowing to use a more > featureful terminal, custom display modes, multi-output support, > maybe multiple parallel sessions for different users a la fast user > switching, and more. When you say /bin/login do actually intend to say "getty"? what is /bin/login good for here? it's a stub that expects you already give it a user and it then only asks for a pw. It's the second part of a getty pretty much. We have multiple services that you can instantiate on ttys, for example getty@.service (for true VTs), serial-getty@.service (for serial ports), container-getty.service (for /dev/console), container-getty@.service (for gettys on pseudo TTYs, pretty much). It appears to me that the right approach for your case is to do what container-getty@.service effectively does and instantiate an appropriate instance of a template service modelled after it for the "other" side of the pty your terminal app allocates. Instantiating <yourapp>-getty@.service requires privs, but you can use polkit to grant that to your terminal app's user. THe polkit auth request carries the unit name as additional metadata, hence that should be pretty easily done with some minimal polkit JS. Lennart -- Lennart Poettering, Berlin _______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: Running pam-enabled /bin/login sessions in unprivileged terminal emulators
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Running pam-enabled /bin/login sessions in unprivileged terminal emulators
- From: Lennart Poettering <lennart@xxxxxxxxxxxxxx>
- Date: Thu, 27 May 2021 17:33:35 +0200
- Cc: systemd-devel@xxxxxxxxxxxxxxx
- In-reply-to: <20210522135009.3c3bdcf7@ferris.localdomain>
- References: <2291865.hSSCN3l8V1.ref@nerdopolis> <2291865.hSSCN3l8V1@nerdopolis> <YKZ35LpOBkFIuL/B@gardel-login> <1837773.LlEWftJZKt@nerdopolis> <20210522135009.3c3bdcf7@ferris.localdomain>
- Follow-Ups:
- Re: Running pam-enabled /bin/login sessions in unprivileged terminal emulators
- From: Pekka Paalanen
- Re: Running pam-enabled /bin/login sessions in unprivileged terminal emulators
- From: nerdopolis
- Re: Running pam-enabled /bin/login sessions in unprivileged terminal emulators
- References:
- Running pam-enabled /bin/login sessions in unprivileged terminal emulators
- From: nerdopolis
- Re: Running pam-enabled /bin/login sessions in unprivileged terminal emulators
- From: Lennart Poettering
- Re: Running pam-enabled /bin/login sessions in unprivileged terminal emulators
- From: nerdopolis
- Re: Running pam-enabled /bin/login sessions in unprivileged terminal emulators
- From: Pekka Paalanen
- Running pam-enabled /bin/login sessions in unprivileged terminal emulators
- Prev by Date: Re: Running pam-enabled /bin/login sessions in unprivileged terminal emulators
- Next by Date: Re: Running pam-enabled /bin/login sessions in unprivileged terminal emulators
- Previous by thread: Re: Running pam-enabled /bin/login sessions in unprivileged terminal emulators
- Next by thread: Re: Running pam-enabled /bin/login sessions in unprivileged terminal emulators
- Index(es):
 |