Bug 451400 - allow executing custom commands from slave
Status: RESOLVED OBSOLETE
Product: gdm
Classification: Core
Component: general
Version: unspecified
Hardware: Other Linux
Importance: Normal enhancement
Target Milestone: ---
Assigned To: GDM maintainers
QA Contact: GDM maintainers
Depends on:
Blocks:
Reported: 2007-06-26 21:15 UTC by Colin Walters
Modified: 2010-04-30 13:18 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
patch to allow executing custom commands as "uipriv" (19.20 KB, patch)
2007-06-26 21:17 UTC, Colin Walters
needs-work

Description Colin Walters 2007-06-26 21:15:57 UTC
Hi, the attached patch is an attempt to allow for custom commands to be executed in the context of the slave (i.e. with a connection to the X server, as root).

The reason I want this capability is for the Fedora guest-account project (https://hosted.fedoraproject.org/projects/guest-account).  The patch lets us execute a create-user program directly from the login screen.  

Now, ideally this would be integrated more tightly into GDM; the current approach has a few architectural flaws:

o It requires defining a custom command, which seems intended for local administrators
o Speaking the socket protocol to do the login creates a new VT instead of reusing the existing one

Some details of the existing patch that are ugly (any suggestions?):

o The distinction between commands executed by slave vs daemon is called "IsUiPriv" which feels odd but I'm not sure of a better name.
o The string "none" for the cmd text means "do not show prompt"; I didn't really want to add another config option...
Comment 1 Colin Walters 2007-06-26 21:17:19 UTC
Created attachment 90709
patch to allow executing custom commands as "uipriv"
Comment 2 Brian Cameron 2007-07-30 16:27:55 UTC
Sorry it took me so long to review this patch.  I'm not sure what you mean by "speaking the socket protocol to do the login creates a new VT rather than reusing the existing one".  Could you explain more?

This bug sounds very similar to bug #443873, which complains that you can't run GUI programs as Custom Commands.  The problem is that currently custom commands are run by the slave as the root user and are intended to do things like custom reboot, shutdown, suspend (like boot to a different partition) that do not require a GUI.

Is your need just to be able to run a GUI, or do you really need to be able to specify what user the GUI runs as?  It seems a bit cleaner to run all GUIs as the "gdm" user.  If specific privilege is needed behind a GUI program, it might be better to have a supporting daemon?  If you can argue that there is a real need to be able to launch programs as a specific user, then we can discuss.

Please review bug #443873 and comment in that bug as well.  Probably we should fix both bugs together since they are similar.
Comment 3 Brian Cameron 2007-07-30 16:32:41 UTC
cc:ing Lukasz since he wrote the original Custom Commands, and I'd like to hear his thoughts about this patch also.

Note, the idea of running GUIs as the root user is probably a bad idea from a security perspective.  It's better to follow the way GDM works and use the one user for the GUI and use another daemon to do actual root processing.  If you really need to run a GUI as root, then perhaps use something like sudo or similar to give privilege rather than making GDM run programs as the root user.
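
The split suggested in comment 3 (an unprivileged GUI that asks a separate helper to do the privileged work), as an added example that is not part of this bug thread, the attached patch, or GDM. The operation name `create-guest`, the function names and the reply codes are assumptions; a Linux `SOCK_SEQPACKET` socketpair stands in for the daemon's socket, and both processes run as the same user here.

```c
#define _POSIX_C_SOURCE 200809L
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum { REQ_MAX = 32, REPLY_OK = 0, REPLY_DENIED = 1, REPLY_ERROR = 2 };

/* Hypothetical operation names. A request is a name only: no command line,
 * path or argument ever crosses the privilege boundary. */
static const char *const allowed_ops[] = { "create-guest" };

/* Helper side: exact-match the untrusted request against the allowlist. */
static int helper_check(const char *req, size_t len)
{
    for (size_t i = 0; i < sizeof allowed_ops / sizeof allowed_ops[0]; i++)
        if (len == strlen(allowed_ops[i]) && memcmp(req, allowed_ops[i], len) == 0)
            return REPLY_OK; /* a real helper would perform the operation here */
    return REPLY_DENIED;
}

/* Sends one request to a forked helper and returns the helper's reply. */
int greeter_request(const char *req)
{
    int sv[2];
    unsigned char reply = REPLY_ERROR;
    if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sv) != 0)
        return REPLY_ERROR;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return REPLY_ERROR; }
    if (pid == 0) { /* helper: in the real design, the only root process */
        char buf[REQ_MAX + 1]; /* one spare byte exposes oversized requests */
        close(sv[0]);
        ssize_t n = recv(sv[1], buf, sizeof buf, 0);
        unsigned char r = (n > 0 && n <= REQ_MAX) ? helper_check(buf, (size_t)n)
                                                  : REPLY_DENIED;
        send(sv[1], &r, 1, MSG_NOSIGNAL);
        _exit(0);
    }
    close(sv[1]); /* greeter: in the real design, runs as the "gdm" user */
    if (send(sv[0], req, strlen(req), MSG_NOSIGNAL) < 0 ||
        recv(sv[0], &reply, 1, 0) != 1)
        reply = REPLY_ERROR;
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return reply;
}
```

Because the helper accepts only fixed operation names, a compromised GUI process can trigger the listed operations but cannot choose what runs as root.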
Comment 4 Colin Walters 2010-04-30 13:18:35 UTC
This is long obsolete