From mboxrd@z Thu Jan 1 00:00:00 1970 From: jg@pa.dec.com (Jim Gettys) Date: Sat, 02 Feb 2002 20:55:41 +0000 Subject: Re: User-level Tasks in Hotplug Scripts? Message-Id: List-Id: References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: linux-hotplug@vger.kernel.org OK, folks (both X and wm-spec-list folks, that is, that I've added to this thread): How do we want to solve this problem? We need a secure, interoperable way for configuration scripts running as root to pop up configuration GUI's on user's servers, and we need it soon (yesterday), as hot-plug is now a reality on Linux systems.... Handling this for the local case is first priority, but we should give some thought about the possibility that the administrator's display is somewhere else in the network (e.g. we're configuring a server system's hotplug event, so the admin is elsewhere). Things to keep in the back of our minds is that we already have Kerberos 5 in the X server and library, so don't dismiss the remote case out of hand. - Jim > Sender: linux-hotplug-devel-admin@lists.sourceforge.net > From: David Brownell > Date: Fri, 01 Feb 2002 15:58:31 -0800 > To: Ryan Shaw , > linux-hotplug-devel@lists.sourceforge.net > Subject: Re: User-level Tasks in Hotplug Scripts? > ----- > > First question: Is the hotplug script the > > right place for this? If not, where is? > > Sure. Setup scripts are often used to do such stuff. > > > > Second question: If the hotplug script is > > the right place, why doesn't the following > > work? > > > > su - ryan -c "nautilus --display=:0.0 > /home/ryan/nautilus.log 2>&1" & > > My guess would be it's an X11 permissions problem, > or maybe a PATH= problem (is nautilus in the path?) > but what'd be most interesting would be the diagnostics > from that "su" command. That'll say why it fails. > > The general issue with firing up GUI applications on > hotplug events is that there's no standard way that > a program running as one user (say, root) can locate > the X server used by another (like "ryan", even assuming > he is logged on only once :), and then get permission to > talk to that server. > > As a rule, GUI IPC architectures use some intermediary > process that runs some kind of combined naming/activation > service (maybe based on CORBA) to talk to applications, > rather than allowing users to talk directly to those X servers. > After all, if you can talk directly, you can take over the whole > desktop, snooping for passwords or whatever. > > - Dave > > > _______________________________________________ > Linux-hotplug-devel mailing list http://linux-hotplug.sourceforge.net > Linux-hotplug-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel _______________________________________________ Linux-hotplug-devel mailing list http://linux-hotplug.sourceforge.net Linux-hotplug-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel