Hey guys, one (relatively) minor issue encountered after release,
but it's easy enough to work around. I originally posted this at
http://www.linuxquestions.org/questi...d.php?t=566862
but here it is again for the archives:

Many people have figured this out by now, but there's one "gotcha"
with automounting removable devices using HAL.
Console users are automatically added to the cdrom and plugdev groups
at login via /etc/login.defs

    # List of groups to add to the user's supplementary group set
    # when logging in on the console (as determined by the CONSOLE
    # setting). Default is none.
    #
    # Use with caution - it is possible for users to gain permanent
    # access to these groups, even when not logged in on the console.
    # How to do it is left as an exercise for the reader...
    #
    CONSOLE_GROUPS floppy:audio:video:cdromlugdev

The idea behind doing this was that it would "just work" without the
need for admins to manually add users to the plugdev and cdrom groups,
but due to the way dbus functions, it didn't work out that way.
When the messagebus service is started, it reads the content of
/etc/group and then determines whether users have rights to mount
removable devices based on that. This is why the 'reload' option was
added to /etc/rc.d/rc.messagebus, as you need to make it aware of any
changes to /etc/group if you happen to edit that file to add users to
plugdev, cdrom, power, or video groups while dbus is running.

Long story short, you will need to manually add users to the affected
groups - do not rely on the output of groups(1) to determine whether
a user is in the appropriate group as it pertains to dbus and HAL.

For those interested in further reading, note that this is not a
Slackware-specific problem - it's being discussed in various other
distribution forums as well.

http://www.debian-administration.org.../308#comment_7
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=377689
http://www.mail-archive.com/debian-d...msg240793.html

Note that the "solutions" presented in the first two links are *ugly*
so my recommendation is to not even consider them, but of course, it's
*your* system. The *best* way until/unless something changes in the
dbus code (which doesn't seem to be easy to do in an effective and
secure manner) is to manually add users to the needed groups in
/etc/group.

Thanks to Motoko-chan for help with confirming this and providing the
links above, and thanks to Andrew Brouwers for accidentally providing
the bug report :-)

RW

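A way to check the condition the first post warns about, as an added example rather than anything posted in the thread: it compares the groups a login session reports with what the group file lists, for the four groups the post names. The function names, sample users and GIDs are constructed, and it assumes membership means being listed in the fourth field of the group file.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes membership is the member
# list (4th field) of the group file; primary groups are not considered.
HAL_GROUPS="plugdev cdrom power video"   # groups named in the post

# in_group_file FILE USER GROUP: succeed if USER is listed under GROUP.
in_group_file() {
    awk -F: -v u="$2" -v g="$3" '
        $1 == g { n = split($4, m, ",")
                  for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# hal_group_report FILE USER "SESSION GROUPS": one line per HAL group.
#   ok           = listed in the group file (what the bus reads)
#   session-only = shown by groups(1)/id(1) but absent from the file
#   missing      = in neither place
hal_group_report() {
    gf=$1; user=$2; session=" $3 "
    for g in $HAL_GROUPS; do
        if in_group_file "$gf" "$user" "$g"; then
            echo "$g ok"
        else
            case "$session" in
                *" $g "*) echo "$g session-only" ;;
                *)        echo "$g missing" ;;
            esac
        fi
    done
}

# Constructed sample: bob is listed only under "power"; his console login
# adds the CONSOLE_GROUPS set on top of that.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 'plugdev:x:83:alice' 'cdrom:x:19:' \
                  'power:x:84:alice,bob' 'video:x:18:' > "$tmp"
    hal_group_report "$tmp" bob "users floppy audio video cdrom plugdev"
    rm -f "$tmp"
}

case "${1:-}" in
    --demo) demo ;;
    --live) hal_group_report /etc/group "$(id -un)" "$(id -Gn)" ;;
esac
```

Run it with `--live` as the affected user; any group reported `session-only` is one to add in /etc/group, followed by the `/etc/rc.d/rc.messagebus reload` the post mentions.
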
On Fri, 06 Jul 2007 04:28:00 GMT
Robby Workman <newsgroups@rlworkman.net> wrote:

> Hey guys, one (relatively) minor issue encountered after release,
> but it's easy enough to work around. I originally posted this at
> http://www.linuxquestions.org/questi...d.php?t=566862
> but here it is again for the archives:

Thank you Robby!

Also, thanks a lot to you and the guys for preparing a great repository
of build scripts especially for Slack-12.0! <http://slackbuilds.org/>

--
Mikhail

Robby Workman wrote:
------------snip------------
>
> # List of groups to add to the user's supplementary group set
> # when logging in on the console (as determined by the CONSOLE
> # setting). Default is none.
> #
> # Use with caution - it is possible for users to gain permanent
> # access to these groups, even when not logged in on the console.
> # How to do it is left as an exercise for the reader...
> #
> CONSOLE_GROUPS floppy:audio:video:cdromlugdev
>
>--------------snip------------

CONSOLE_GROUPS floppy:audio:video:cdrom

Correct? your linuxquestions.com post has a smiley instead of
(I have always hated those things)

>-----------snip-----------
>
> Thanks to Motoko-chan for help with confirming this and providing the
> links above, and thanks to Andrew Brouwers for accidentally providing
> the bug report :-)
>
> RW

On 2007-07-08, King Beowulf <kingbeowulf@nospam.gmail.com> wrote:
> Robby Workman wrote:
> ------------snip------------
>>
>> # List of groups to add to the user's supplementary group set
>> # when logging in on the console (as determined by the CONSOLE
>> # setting). Default is none.
>> #
>> # Use with caution - it is possible for users to gain permanent
>> # access to these groups, even when not logged in on the console.
>> # How to do it is left as an exercise for the reader...
>> #
>> CONSOLE_GROUPS floppy:audio:video:cdromlugdev
>>
>>--------------snip------------
>
> CONSOLE_GROUPS floppy:audio:video:cdrom
>
> Correct? your linuxquestions.com post has a smiley instead of

Yes, this is correct. Sorry about that - there is allegedly a
way to kill the smiley things on LQ, but this is the first time
it's bothered me, so I've never worried about it. Thanks for the
clarification.

RW

On 2007-07-08, Robby Workman <newsgroups@rlworkman.net> wrote:
> On 2007-07-08, King Beowulf <kingbeowulf@nospam.gmail.com> wrote:
>> Robby Workman wrote:
>> ------------snip------------
>>>
>>> # List of groups to add to the user's supplementary group set
>>> # when logging in on the console (as determined by the CONSOLE
>>> # setting). Default is none.
>>> #
>>> # Use with caution - it is possible for users to gain permanent
>>> # access to these groups, even when not logged in on the console.
>>> # How to do it is left as an exercise for the reader...
>>> #
>>> CONSOLE_GROUPS floppy:audio:video:cdromlugdev
>>>
>>>--------------snip------------
>>
>> CONSOLE_GROUPS floppy:audio:video:cdrom
>>
>> Correct? your linuxquestions.com post has a smiley instead of
>
>
> Yes, this is correct. Sorry about that - there is allegedly a
> way to kill the smiley things on LQ, but this is the first time
> it's bothered me, so I've never worried about it. Thanks for the
> clarification.

One more thing that has come up, which I intended to note in the
CHANGES_AND_HINTS.TXT document, but I forgot:

/usr/bin/hal-device-manager needs PyGTK and a few things from gnome
in order to work. Pat elected to leave the binary in the package
due to the fact that some users will elect to install one of the
third-party gnome builds, and any of those should provide the necessary
dependencies for hal-device-manager to work.

RW

On Sun, 08 Jul 2007 23:50:34 +0000, Robby Workman wrote:

> One more thing that has come up, which I intended to note in the
> CHANGES_AND_HINTS.TXT document, but I forgot:
>
> /usr/bin/hal-device-manager needs PyGTK and a few things from gnome
> in order to work. Pat elected to leave the binary in the package
> due to the fact that some users will elect to install one of the
> third-party gnome builds, and any of those should provide the necessary
> dependencies for hal-device-manager to work.

This is rapidly becoming confusing... I just confirmed that on a
non-Gnome system, running hal-device-manager produces:

  File "/usr/bin/hal-device-manager", line 7, in <module>
    import pygtk
ImportError: No module named pygtk

How does this affect the operation of HAL itself? Is the functionality of
HAL lost completely if Gnome is not installed...?

What does "hal-device-manager" actually do?

--
"Ubuntu" -- an African word, meaning "Slackware is too hard for me".

On 2007-07-09, Dan C <youmustbejoking@lan.invalid> wrote:
> On Sun, 08 Jul 2007 23:50:34 +0000, Robby Workman wrote:
>
>> One more thing that has come up, which I intended to note in the
>> CHANGES_AND_HINTS.TXT document, but I forgot:
>>
>> /usr/bin/hal-device-manager needs PyGTK and a few things from gnome
>> in order to work. Pat elected to leave the binary in the package
>> due to the fact that some users will elect to install one of the
>> third-party gnome builds, and any of those should provide the necessary
>> dependencies for hal-device-manager to work.
>
> This is rapidly becoming confusing... I just confirmed that on a
> non-Gnome system, running hal-device-manager produces:
>
>   File "/usr/bin/hal-device-manager", line 7, in <module>
>     import pygtk
> ImportError: No module named pygtk

Yes, that's due to the fact that pygtk is missing. If you install
pygtk, you'll still get that when it attempts to import pygnome.
If you open /usr/bin/hal-device-manager in an editor, you'll notice
that it's just a python script.

> How does this affect the operation of HAL itself? Is the functionality of
> HAL lost completely if Gnome is not installed...?

No, not at all. HAL works fine without it.

> What does "hal-device-manager" actually do?

It seems to be a graphical hardware device list similar to what you
find in MS Windows' hardware manager.

RW

On Mon, 09 Jul 2007 01:47:47 +0000, Robby Workman wrote:

>> This is rapidly becoming confusing... I just confirmed that on a
>> non-Gnome system, running hal-device-manager produces:
>>
>>   File "/usr/bin/hal-device-manager", line 7, in <module>
>>     import pygtk
>> ImportError: No module named pygtk

> Yes, that's due to the fact that pygtk is missing. If you install
> pygtk, you'll still get that when it attempts to import pygnome.
> If you open /usr/bin/hal-device-manager in an editor, you'll notice
> that it's just a python script.

OK.

>> How does this affect the operation of HAL itself? Is the functionality of
>> HAL lost completely if Gnome is not installed...?

> No, not at all. HAL works fine without it.

Cool.

>> What does "hal-device-manager" actually do?

> It seems to be a graphical hardware device list similar to what you
> find in MS Windows' hardware manager.

Ahh, OK. Just some useless fluff, then. Thanks for the info.

--
"Ubuntu" -- an African word, meaning "Slackware is too hard for me".

Robby Workman wrote:

> Hey guys, one (relatively) minor issue encountered after release,
> but it's easy enough to work around. I originally posted this at
> http://www.linuxquestions.org/questi...d.php?t=566862
> but here it is again for the archives:
>
> Many people have figured this out by now, but there's one "gotcha"
> with automounting removable devices using HAL.
> Console users are automatically added to the cdrom and plugdev groups
> at login via /etc/login.defs
>
> # List of groups to add to the user's supplementary group set
> # when logging in on the console (as determined by the CONSOLE
> # setting). Default is none.
> #
> # Use with caution - it is possible for users to gain permanent
> # access to these groups, even when not logged in on the console.
> # How to do it is left as an exercise for the reader...
> #
> CONSOLE_GROUPS floppy:audio:video:cdromlugdev
>
> The idea behind doing this was that it would "just work" without the
> need for admins to manually add users to the plugdev and cdrom groups,
> but due to the way dbus functions, it didn't work out that way.
> When the messagebus service is started, it reads the content of
> /etc/group and then determines whether users have rights to mount
> removable devices based on that. This is why the 'reload' option was
> added to /etc/rc.d/rc.messagebus, as you need to make it aware of any
> changes to /etc/group if you happen to edit that file to add users to
> plugdev, cdrom, power, or video groups while dbus is running.
>
> Long story short, you will need to manually add users to the affected
> groups - do not rely on the output of groups(1) to determine whether
> a user is in the appropriate group as it pertains to dbus and HAL.
>
> For those interested in further reading, note that this is not a
> Slackware-specific problem - it's being discussed in various other
> distribution forums as well.
>
> http://www.debian-administration.org.../308#comment_7
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=377689
> http://www.mail-archive.com/debian-d...msg240793.html
>
> Note that the "solutions" presented in the first two links are *ugly*
> so my recommendation is to not even consider them, but of course, it's
> *your* system. The *best* way until/unless something changes in the
> dbus code (which doesn't seem to be easy to do in an effective and
> secure manner) is to manually add users to the needed groups in
> /etc/group.
>
> Thanks to Motoko-chan for help with confirming this and providing the
> links above, and thanks to Andrew Brouwers for accidentally providing
> the bug report :-)
>
> RW

Another question: Why does "root" need to be added to those groups to get
it to work? This may be a naive query but I am curious.

> Another question: Why does "root" need to be added to those groups to get
> it to work? This may be a naive query but I am curious.

I believe it's because HAL uses Dbus API to explicitly check the groups the
user is in. So root's system-wide permissions to touch everything don't
apply.

--
damjan