Autor: Didier Kryn Data: Dla: dng Temat: Re: [DNG] elogind testing for experimental and ascii-proposed
Le 19/01/2018 à 18:34, KatolaZ a écrit : > On Fri, Jan 19, 2018 at 06:03:59PM +0100, Didier Kryn wrote:
>
> [cut]
>
>> I think the concept of session is still usefull in the framework of a
>> Desktop Environment. When you log into that kind of environment, you have a
>> few services associated to it which make your life easier, like monitoring
>> removable devices, battery or wifi status. It is also easier for dummies to
>> login through a display manager.
>>
> Hi Didier,
>
> if I understand it correctly, it seems that elogind + consolekit2 +
> upower + udisks + other pieces of black magic already allow to mount
> removable devices, monitor battery, suspend the system, and so on, in
> several DE configurations.
>
> I personally don't get all the intricacies of this hairball of
> protocols and interdependencies, but I am *very* *happy* that it
> somehow works, nevertheless.
>
> For a layman like me this means that we can consider having stuff like
> KDE as a working install-time desktop option in Devuan. Maybe not
> immediately, but surely in the near future.
>
> Do I care about DEs? Not at all. Do I care about having as many
> working DEs options in Devuan as physically possible? Oh yes man, I
> damn do...
>
>> But wether that session is local or not is, in my opinion, and as I
>> already said, futile; and it seems to be mostly used as a justification to
>> develop a tangle of daemons and middleware to bypass the traditional unix
>> security framework.
> This is where I get totally lost with sessions: why on Earth should I
> be able to mount an external device on a remote host to which I login
> via SSH? Or unable to do that, if I am a regular user of that machine?
> What is the use case for this madness? Does it really solve a problem,
> or is just the usual non-working and useless solution to a problem
> that doesn't even exist?
Hi Enzo.
The major use cases are:
1) server with remote users and only root allowed to mount
removable devices.
2) laptop/desktop with one user at a time with full authority to
mount removable devices. You can ssh to your desktop/laptop and still
have the same permissions, what's the harm? You should ask someone else
to insert the device, and this is the true issue and it's not solved by
the kits (-:
If the only role of policykit/consolekit/logind is to give you
permissions only if you are local, then I'm just saying that they
provide a complex solution to a non-existing problem.