https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279669
Jonathan Vasquez <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #13 from Jonathan Vasquez <[email protected]> --- Hey all, I've also been dealing with gnome-keyring related issues (used to work a few months ago but for whatever reason I'm unable to get it (gnome-keyring/thunar/samba) fully working with a fresh install). I'll avoid going to much into it since its only tangetilly related to this ticket since I don't use lightdm, however I did do a lot of experimentation with using the normal "pam_xdg.so" flow and using ck-launch-session, and I can confirm others have said regarding the XDG_RUNTIME_DIR being set differently. One thing I did want to bring up is that I noticed the /var/run/xdg directory is set to 744 by default, which would prevent the user itself from viewing the contents of this directory. It should be safe to allow everyone to read that directory by making it 755. It's safe specifically because every user under 'xdg' has 700 as permissions, so this would mean that every user logged into that system would be able to view their own contents but no one elses. For example: 744 /var/run/xdg 700 /var/run/xdg/jon User 'jon' cant do 'ls /var/run/xdg/jon'. I'm not sure if there are negative side effects due to this. The only thing I've noticed is a 'gkr-pam: unable to locale daemon control file' warning, but the file is actually properly created upon a successful login, and the xdg/jon dir is completely removed upon a log out. My gnome-keyring's "Login" (and default) keyring seems to be successfully unlocked, although for w/e reason Thunar can't store the passwords upon a successful samba login when the "Remember forever" option is set. The gkr-pam warning happens even if I log into a tty successfully for the user in tty1, and then switch to tty0 and try to login again with the same user. At that point the xdg/jon/keyrings/control socket does exist so I would assume the warning to go away. Not sure how this is working. Anyways, just an observation regarding those permissions and wanted to confirm if that's intended behavior. Thank you! -- You are receiving this mail because: You are the assignee for the bug.
