linux-hotplug.vger.kernel.org archive mirror
From: Jim Carter <jimc@math.ucla.edu>
To: linux-hotplug@vger.kernel.org
Subject: Re: User-level Tasks in Hotplug Scripts?
Date: Mon, 04 Feb 2002 19:28:51 +0000
Message-ID: <marc-linux-hotplug-101285112028323@msgid-missing>
In-Reply-To: <marc-linux-hotplug-101256895903801@msgid-missing>

On Fri, 1 Feb 2002, Ryan Shaw wrote:
> I would like to have the script that is run
> when hotplug detects my camera launch nautilus
> as well, as it is my image browser of choice.
> ...
> Hotplugging scripts are run as root, so I have
> the following line to launch nautilus: [which won't start]
>
> su - ryan -c "nautilus --display=:0.0 > /home/ryan/nautilus.log 2>&1" &

I have a distantly related application which does security checksums (as
root) and displays the result to whoever happens to be logged in, piping it
to xmessage. Being root, with authority to read any file, I steal the
X-server's own authorization file.  Here's the code, leaving out two or
three details that bypass this if X happens to be turned off:

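# Pick up the X server's auth file for display :0. The loop keeps the last
# match if a stale file is also present; with no match, XAUTHORITY is left as
# the unexpanded pattern and authorization simply fails.
for f in /etc/X11/xdm/authdir/authfiles/A:0* ; do
    XAUTHORITY=$f
done
export DISPLAY=:0.0
export XAUTHORITY
xmessage -title "Daily Housekeeping" -timeout 900 -file /tmp/report.txt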

The loop is done because an accident might leave a stale auth file, and I'd
rather have it fail to auth than get a syntax error.

In your case, I'd suggest doing an imitation of xdm -- copy the auth file
to a file in /tmp owned by you and mode 600, and XAUTHORITY=/tmp/thatfile.
Then do the "su".  Then if your kid in middle school is using your machine,
he/she can plug in the camera and see the pics, but can't do much damage
through the X authorization.  (And, since the kid is the console user, the
auth file properly belongs to him, so essentially you've stolen it from
him, not him from you.)

I'm not suggesting this as a general solution, as for a Windoze-ish GUI to
select drivers and config parms, and particularly, the security
implications would have to be thought through *very* carefully in a public
lab environment, but for a single-user or family situation it's probably
sufficient.

James F. Carter          Voice 310 825 2897    FAX 310 206 6673
UCLA-Mathnet;  6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA  90095-1555
Email: jimc@math.ucla.edu    http://www.math.ucla.edu/~jimc (q.v. for PGP key)


_______________________________________________
Linux-hotplug-devel mailing list  http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel
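
The procedure suggested in the message above (copy the server's auth file to a mode-600 file in /tmp owned by the user, point XAUTHORITY at it, then "su"), as an added shell example that is not part of the original message. The function names and the script name are hypothetical; it assumes root, uses mktemp instead of a fixed /tmp name, and sets the variables inside the su command because "su -" resets the environment.

```sh
#!/bin/sh
# Added example: hand the console user a private copy of the X auth cookie.
# AUTHDIR is the path from the message; function names are hypothetical.
AUTHDIR=${AUTHDIR:-/etc/X11/xdm/authdir/authfiles}

# Print the newest regular file matching A:0* in $1; fail if none exists
# (an unmatched glob stays a literal pattern, which -f rejects).
newest_authfile() {
    best=
    for f in "$1"/A:0*; do
        [ -f "$f" ] || continue
        if [ -z "$best" ] || [ "$f" -nt "$best" ]; then best=$f; fi
    done
    [ -n "$best" ] && printf '%s\n' "$best"
}

# Copy auth file $1 to an unpredictable name under /tmp, mode 600, owned by
# user $2, and print the new path. mktemp creates the file exclusively, so a
# pre-planted symlink in /tmp cannot redirect root's write.
stage_xauth() {
    copy=$(mktemp "${TMPDIR:-/tmp}/xauth.XXXXXX") || return 1
    chmod 600 "$copy" &&
    cat "$1" > "$copy" &&      # fill it while it is still root's file
    chown "$2" "$copy" &&      # only then hand it over
    printf '%s\n' "$copy" || { rm -f "$copy"; return 1; }
}

# Build the string for su -c. "su -" starts a login shell with a fresh
# environment, so the variables must be set inside the command itself.
user_command() {
    printf "XAUTHORITY='%s' DISPLAY=:0.0 exec %s" "$1" "$2"
}

# launch_as_user USER COMMAND: run as root from the hotplug script.
launch_as_user() {
    src=$(newest_authfile "$AUTHDIR") || { echo "no X auth file" >&2; return 1; }
    copy=$(stage_xauth "$src" "$1") || return 1
    su - "$1" -c "$(user_command "$copy" "$2")"
    status=$?
    rm -f "$copy"              # drop the cookie copy when the program exits
    return "$status"
}

# Runs only when called with arguments, e.g.: xauth-handoff.sh ryan nautilus
if [ "$#" -ge 2 ]; then launch_as_user "$1" "$2"; fi
```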
