LinuxQuestions.org
Old 04-09-2011, 09:28 PM   #1
Woodsman
Senior Member
 
Registered: Oct 2005
Distribution: Slackware 14.1
Posts: 3,482

Rep: Reputation: 546
ConsoleKit and PolicyKit


What breaks when these packages are removed?

Yeah, yeah, I know, "Remove the packages and tell us then we'll all know."

Seriously, I'm curious.

I presume many pieces of KDE4 break, but exactly what? What else breaks? Xfce? Fluxbox? Login?

Both are in the "l" branch rather than "a" or "ap," which means they are not uber-critical to running the core of Slackware.

Exactly what in Slackware these days is now dependent upon those packages?
 
Old 04-09-2011, 10:10 PM   #2
stormtracknole
Senior Member
 
Registered: Aug 2005
Distribution: Slackware, RHEL
Posts: 1,259

Rep: Reputation: 231
NetworkManager for one requires both. I'm not sure which of the official Slackware packages requires them though.
 
Old 04-09-2011, 11:21 PM   #3
Darth Vader
Senior Member
 
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 2,727

Rep: Reputation: 1247
Quote:
Originally Posted by Woodsman View Post
What breaks when these packages are removed?
If you remove these packages, you'll kiss goodbye the KDE and XFCE. Because PolicyKit/ConsoleKit is used for login management.

Last edited by Darth Vader; 04-09-2011 at 11:23 PM.
 
Old 04-09-2011, 11:45 PM   #4
stormtracknole
Senior Member
 
Registered: Aug 2005
Distribution: Slackware, RHEL
Posts: 1,259

Rep: Reputation: 231
Quote:
Originally Posted by Darth Vader View Post
If you remove these packages, you'll kiss goodbye the KDE and XFCE. Because PolicyKit/ConsoleKit is used for login management.
Um, yeah, that's a pretty big deal! Good to know!
 
Old 04-10-2011, 12:22 AM   #5
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 2,503

Rep: Reputation: 8461
Quote:
Originally Posted by Woodsman View Post
What breaks when these packages are removed?
If you don't want to use ConsoleKit/PolicyKit, just set the perms on rc.consolekit to 644 and the daemons will not run at boot, and none of the CK/PK stuff will be used. But since the libraries are still around, things will still work.
 
4 members found this post helpful.
Old 04-10-2011, 02:01 AM   #6
kingbeowulf
Senior Member
 
Registered: Oct 2003
Location: WA
Distribution: Slackware
Posts: 1,266
Blog Entries: 11

Rep: Reputation: 744
Quote:
Originally Posted by Darth Vader View Post
If you remove these packages, you'll kiss goodbye the KDE and XFCE. Because PolicyKit/ConsoleKit is used for login management.
Even if you don't use a desktop environment GUI? When slackware 1st boots up in runlevel 3, then I can't log in without them? PV states that I can stop the daemons and "things will still work."

I am still a bit befuddled about the usefulness of ConsoleKit/PolicyKit, and/or I don't fully understand the function/architecture (some of the functionality seems to be for multiseat/multiuser, but for a simple desktop system, only one user will ever be logged on). It just seems to provide a path to poke holes in a system's security to allow unprivileged programs privileged system access. We see what easy system access has done for "that other dominant desktop operating system." (heck, I don't even care for sudo...)

...damn, I miss my old CP/M Z80 system......
 
Old 04-10-2011, 05:09 AM   #7
Darth Vader
Senior Member
 
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 2,727

Rep: Reputation: 1247
Quote:
Originally Posted by beowulf999 View Post
I am still a bit befuddled about the usefulness of ConsoleKit/PolicyKit, and/or I don't fully understand the function/architecture (some of the functionality seems to be for multiseat/multiuser, but for a simple desktop system, only one user will ever be logged on). It just seems to provide a path to poke holes in a system's security to allow unprivileged programs privileged system access. We see what easy system access has done for "that other dominant desktop operating system." (heck, I don't even care for sudo...)

...damn, I miss my old CP/M Z80 system......
ConsoleKit / PolicyKit works approximately as follows:

When you want to perform a certain action, which requires root login, you will be prompted for a password only once for this type of action during the session. At least this way they should work with PAM.

Regarding the extensive use of the 'root' user, I think it's a very bad idea. As 'root', Linux is as vulnerable to viruses as Windows.

The idea is that it is not impossible to write viruses for Linux, in fact it is as easy as in Windows, but the viruses are inefficient when run as 'user', and 99% of Linux users currently use a 'user' account, so Linux viruses are not interesting.

Last edited by Darth Vader; 04-10-2011 at 05:11 AM.
 
2 members found this post helpful.
Old 04-10-2011, 07:33 AM   #8
imitheos
Member
 
Registered: May 2005
Location: Greece
Posts: 441

Rep: Reputation: 141
Quote:
Originally Posted by Darth Vader View Post
If you remove these packages, you'll kiss goodbye the KDE and XFCE. Because PolicyKit/ConsoleKit is used for login management.
I have removed consolekit/policykit (and also hal). You won't kiss the DEs goodbye. I tried firing up KDE after adding a new user and it runs fine with sound and everything.

If I remember correctly, the issues are:
1) automount won't work
2) shutdown/hibernate/etc won't be available at the KDE menu
3) kdm is linked with ck-connector so you need another *dm.
4) you need polkit if you use udisks (Eric's KDE 4.6 and ponce's LXDE-git come to mind)

Quote:
Originally Posted by beowulf999 View Post
I am still a bit befuddled about the usefulness of ConsoleKit/PolicyKit, and/or I don't fully understand the function/architecture (some of the functionality seems to be for multiseat/multiuser, but for a simple desktop system, only one user will ever be logged on).
That is why I removed it a long time ago. I hate having software whose behavior I don't understand (personal whim of course).

I did a search at that time and I think the behavior is the following:

When consolekit runs, it registers a dbus service (DBUS is an IPC framework. A way for apps to talk with each other.). KDM asks consolekit to open a new session. consolekit then queries policykit to see if it should and opens the session. After that, the DE works the same as ever.

When a user tries to reboot or mount a device, then the DE will ask polkit "hey, udev said a usb flash disk was plugged and I want to mount it". polkit will read its policies to determine if the user can mount the disk. It sees "policy a) user must belong in the X group (for example plugdev). policy b) user must have root privileges". If the user belongs to the group then it will mount the disk, otherwise it will ask for a password like Darth Vader said. After that the DE will get a polkit "ok I mounted it" reply and it will present you with a file manager window.

I may be way wrong, but I think something like that is happening.

Last edited by imitheos; 04-10-2011 at 08:17 AM.
 
1 members found this post helpful.
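The decision flow described in post #8 (a member of the right group gets the mount, anyone else is asked to authenticate), as an added Python example that is not from the thread or from polkit itself. It is a simplified model of polkit's local-authority `.pkla` entries; the sample rule, the users `alice` and `bob`, and the `auth_admin` fallback are constructed assumptions.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed sample in polkit's local-authority (.pkla) format; not a file
# shipped by Slackware. The rule text and group name are illustrative.
SAMPLE_PKLA = """
[Members of plugdev may mount removable media]
Identity=unix-group:plugdev
Action=org.freedesktop.udisks.filesystem-mount
ResultAny=no
ResultInactive=no
ResultActive=yes
"""

def load_entries(text):
    """Parse .pkla text into a list of entry dicts, in file order."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case: Identity, Action, ResultActive, ...
    cp.read_string(text)
    return [dict(cp[section]) for section in cp.sections()]

def _matches(globs, value):
    """True if value matches any glob in a semicolon-separated list."""
    return any(fnmatchcase(value, g.strip()) for g in globs.split(";") if g.strip())

def check(entries, user, groups, action, session="active", implicit="auth_admin"):
    """Simplified model: group identities are consulted first, then the user,
    and the last matching entry wins. `implicit` is an assumed stand-in for
    the default the action's own .policy file supplies when nothing matches."""
    key = {"active": "ResultActive", "inactive": "ResultInactive"}.get(session, "ResultAny")
    result = implicit
    identities = [f"unix-group:{g}" for g in groups] + [f"unix-user:{user}"]
    for ident in identities:
        for entry in entries:
            if _matches(entry.get("Identity", ""), ident) and \
               _matches(entry.get("Action", ""), action):
                result = entry.get(key, result)
    return result

if __name__ == "__main__":
    rules = load_entries(SAMPLE_PKLA)
    mount = "org.freedesktop.udisks.filesystem-mount"
    print(check(rules, "alice", ["users", "plugdev"], mount))  # allowed outright
    print(check(rules, "bob", ["users"], mount))               # falls back to a prompt
```

A result of `yes` means the action proceeds without a prompt, while `auth_admin` means the desktop's authentication agent asks for administrator credentials before the action is carried out.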
Old 04-10-2011, 08:11 PM   #9
grissiom
Member
 
Registered: Apr 2008
Location: China, Beijing
Distribution: Slackware
Posts: 423

Rep: Reputation: 45
So, {console,policy}kit will provide something like win7/vista's UAC? IMHO, it's good because it will give the user a chance to enter the root password and gain privilege rather than simply reject the operation.
 
Old 04-14-2011, 04:53 PM   #10
narz
Member
 
Registered: May 2007
Location: US
Distribution: slackware
Posts: 186

Rep: Reputation: 37
Are these necessary to run with XFCE 4.6.2? What happens if I just uninstall them? I don't really like the underlying complexity these types of things add to my system when I don't even want or need them. Or maybe they're not complex and I just don't understand what I need them for, but that seems like a problem in itself lol.

I know the whole Slackware team wants to keep things simple, clean and transparent but Linux as a whole seems like it keeps "ubuntinizing." Lame...
 
Old 04-14-2011, 05:31 PM   #11
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141

Rep: Reputation: 168
If you want to see what happens, you don't have to uninstall. Do what Pat suggested in post #5 above, just set the perms on rc.consolekit to 644 and the daemons will not run at boot.
 
Old 04-14-2011, 05:53 PM   #12
narz
Member
 
Registered: May 2007
Location: US
Distribution: slackware
Posts: 186

Rep: Reputation: 37
Quote:
Originally Posted by gilead View Post
If you want to see what happens, you don't have to uninstall. Do what Pat suggested in post #5 above, just set the perms on rc.consolekit to 644 and the daemons will not run at boot.
Right but there's still that lingering ambiguity for me of when and why I need them right now.
 
Old 04-15-2011, 07:28 AM   #13
the3dfxdude
Member
 
Registered: May 2007
Posts: 730

Rep: Reputation: 358
I find this thread really curious. I am running XFCE on slackware-current, and I don't have either polkit or ConsoleKit installed. What are they used for? Actually I kind of do know what they do, but what's broken?

I know when these first were added to slackware (-current a while ago), XFCE didn't use them yet so I skipped installing them.
 
Old 04-15-2011, 12:19 PM   #14
Woodsman
Senior Member
 
Registered: Oct 2005
Distribution: Slackware 14.1
Posts: 3,482

Original Poster
Rep: Reputation: 546
Quote:
Actually I kind of do know what they do, but what's broken?
Well, that's what I asked in my original post. I think those packages were added solely for KDE4. I don't recall discussions about Xfce needing them.

Pat's response to disable the services to see what breaks makes some sense, but if the libraries remain installed I am curious what, if anything, really breaks.

I would like to see an explanation why those packages are needed and traditional group assignments are no longer adequate in KDE4 to provide security.
 
Old 04-15-2011, 12:55 PM   #15
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 2,503

Rep: Reputation: 8461
Quote:
Originally Posted by Woodsman View Post
I would like to see an explanation why those packages are needed and traditional group assignments are no longer adequate in KDE4 to provide security.
Because that's what freedesktop.org decided to push, and that's what KDE and Xfce support. Besides that, the type of privilege that the *Kit programs provide is somewhat different than what groups can control access to, and is more like a graphical sudo kind of thing.

Prior to *Kit, there were some actions a non-root user could take that would prompt for the root password to proceed. From a security standpoint, that's no good at all. Pretty easy for someone in a computer lab to whip up a fake dialog and then "need help with mounting this disc" or something.
 
3 members found this post helpful.
  

