Hi Isaac,
On 09/11/2015 09:30 PM, Isaac Dunham wrote:
> On Fri, Sep 11, 2015 at 11:23:38AM +0200, tilt! wrote:
>> Unadressed remains the lifecycle of $XDG_RUNTIME_DIR,
>> specifically: [...]
>> * When is $XDG_RUNTIME_DIR created?
>> [...]
>> Currently my best guess is that this should be performed everytime
>> the user starts an X session (it's an X thing after all, right),
>> but Xsession.d is executed as the user, not root. Changing into the
>> user ID is a thing of the display manager, there's no general way
>> to hook in. Remains PAM. Probably.
>
> PAM would probably work well.
Work on such a PAM module was made ([1]) in Ubuntu. Development
halted 2012-10-02, and the last security update was 2013-03-15.
It has a few shortfalls (hardcoded basedir, uses $USER for rundir
naming), and therefore could not be used as it is now immediately.
> If I were implementing it (note: I'm the sort of guy who doesn't use
> PAM, or logind, or policykit...), I'd use a setuid helper that will
> construct a path based on a fixed prefix, the user ID, and
> optionally a six-character random string (ie, the "-n" option appends
> _XXXXXX and calls mktemp).
Same here, i don't like PAM because it tends to get a mess, and also
it's not portable. I can't use Logind, because that is just what i want
to avoid depending on. I don't like Policykit, because i don't want to
write security policies in Javascript, and i also don't understand the
nature and maintainance of the org.freedesktop.* namespace.
I will think about this a bit more, but currently it converges towards
a SUID helper and a separately configured directory for refcounts.
> [...]
Kind regards,
T.
Links:
[1] Launchpad. pam-xdg-support.
URL:
https://launchpad.net/pam-xdg-support