From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jim Carter Date: Mon, 04 Feb 2002 19:28:51 +0000 Subject: Re: User-level Tasks in Hotplug Scripts? Message-Id: List-Id: References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: linux-hotplug@vger.kernel.org On Fri, 1 Feb 2002, Ryan Shaw wrote: > I would like to have the script that is run > when hotplug detects my camera launch nautilus > as well, as it is my image browser of choice. > ... > Hotplugging scripts are run as root, so I have > the following line to launch nautilus: [which won't start] > > su - ryan -c "nautilus --display=:0.0 > /home/ryan/nautilus.log 2>&1" & I have a distantly related application which does security checksums (as root) and displays the result to whoever happens to be logged in, piping it to xmessage. Being root, with authority to read any file, I steal the X-server's own authorization file. Here's the code, leaving out two or three details that bypass this if X happens to be turned off: for f in /etc/X11/xdm/authdir/authfiles/A:0* ; do XAUTHORITY=$f done export DISPLAY=:0.0 export XAUTHORITY xmessage -title "Daily Housekeeping" -timeout 900 -file /tmp/report.txt The loop is done because an accident might leave a stale auth file, and I'd rather have it fail to auth than get a syntax error. In your case, I'd suggest doing an imitation of xdm -- copy the auth file to a file in /tmp owned by you and mode 600, and XAUTHORITY=/tmp/thatfile. Then do the "su". Then if your kid in middle school is using your machine, he/she can plug in the camera and see the pics, but can't do much damage through the X authorization. (And, since the kid is the console user, the auth file properly belongs to him, so essentially you've stolen it from him, not him from you.) I'm not suggesting this as a general solution, as for a Windoze-ish GUI to select drivers and config parms, and particularly, the security implications would have to be thought through *very* carefully in a public lab environment, but for a single-user or family situation it's probably sufficient. James F. Carter Voice 310 825 2897 FAX 310 206 6673 UCLA-Mathnet; 6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555 Email: jimc@math.ucla.edu http://www.math.ucla.edu/~jimc (q.v. for PGP key) _______________________________________________ Linux-hotplug-devel mailing list http://linux-hotplug.sourceforge.net Linux-hotplug-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel