Hi Isaac,

On 09/11/2015 09:30 PM, Isaac Dunham wrote:
> On Fri, Sep 11, 2015 at 11:23:38AM +0200, tilt! wrote:
>> Unaddressed remains the lifecycle of $XDG_RUNTIME_DIR,
>> specifically: [...]
>> * When is $XDG_RUNTIME_DIR created?
>> [...]
>> Currently my best guess is that this should be performed every time
>> the user starts an X session (it's an X thing after all, right),
>> but Xsession.d is executed as the user, not root. Changing into the
>> user ID is a thing of the display manager, there's no general way
>> to hook in. Remains PAM. Probably.
>
> PAM would probably work well.

Work on such a PAM module was made ([1]) in Ubuntu. Development halted 2012-10-02, and the last security update was 2013-03-15. It has a few shortfalls (hardcoded basedir, uses $USER for rundir naming), and therefore could not be used as it is now immediately.

> If I were implementing it (note: I'm the sort of guy who doesn't use
> PAM, or logind, or policykit...), I'd use a setuid helper that will
> construct a path based on a fixed prefix, the user ID, and
> optionally a six-character random string (ie, the "-n" option appends
> _XXXXXX and calls mktemp).

Same here, I don't like PAM because it tends to get a mess, and also it's not portable. I can't use Logind, because that is just what I want to avoid depending on. I don't like Policykit, because I don't want to write security policies in JavaScript, and I also don't understand the nature and maintenance of the org.freedesktop.* namespace.

I will think about this a bit more, but currently it converges towards a SUID helper and a separately configured directory for refcounts.

> [...]

Kind regards,
T.

Links:
[1] Launchpad. pam-xdg-support. URL: https://launchpad.net/pam-xdg-support
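
The setuid-helper approach discussed in this message (fixed prefix, user ID, optional six-character random suffix), sketched as an added example that is not part of the original e-mail or of any project's code. `make_runtime_dir` and its parameters are hypothetical, the prefix is assumed to be root-owned and not writable by other users, and `mkdtemp` stands in for the `mktemp` call because a directory is being created.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper core: create "<prefix>/<uid>" or, with randomize set,
 * "<prefix>/<uid>_XXXXXX" (suffix filled in by mkdtemp), mode 0700, owned
 * by uid. Assumes prefix is root-owned and not writable by other users.
 * Returns 0 with the final path in out, or -1 with errno set. */
int make_runtime_dir(const char *prefix, uid_t uid, gid_t gid,
                     int randomize, char *out, size_t outlen)
{
    struct stat st;
    int n = snprintf(out, outlen, "%s/%lu%s", prefix, (unsigned long)uid,
                     randomize ? "_XXXXXX" : "");
    if (n < 0 || (size_t)n >= outlen) {
        errno = ENAMETOOLONG;
        return -1;
    }
    if (randomize) {
        if (mkdtemp(out) == NULL)       /* always a fresh 0700 directory */
            return -1;
    } else if (mkdir(out, 0700) != 0 && errno != EEXIST) {
        return -1;                      /* EEXIST: reuse, after the checks */
    }
    /* lstat, not stat: a symlink planted at the path must not be followed. */
    if (lstat(out, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode)) {
        errno = ENOTDIR;
        return -1;
    }
    if (st.st_uid != uid) {
        /* Only a directory the helper itself owns is handed over; one
         * that belongs to a third user is refused. */
        if (st.st_uid != geteuid()) {
            errno = EPERM;
            return -1;
        }
        if (lchown(out, uid, gid) != 0)
            return -1;
    }
    if ((st.st_mode & 07777) != 0700 && chmod(out, 0700) != 0)
        return -1;
    return 0;
}
```

Taking the directory name from the numeric user ID rather than from `$USER` keeps environment-controlled input out of the path, which is one of the shortfalls the message lists for the PAM module.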