On Wed, 2014-06-25 at 17:38 +0100, Simon McVittie wrote: > On 25/06/14 15:43, Svante Signell wrote: > > Regarding mate desktop policykit-1 build-depends on libsystemd-login-dev > > only for linux-any. What functionality is missing for other > > architectures? > > The interesting dependency chain is: > > policykit-1 Depends libpam-systemd [linux-any] (degraded functionality > on !linux) > libpam-systemd Depends systemd (i.e. systemd binaries are installed) > libpam-systemd Depends systemd-sysv (i.e. systemd is pid 1) > or systemd-shim (i.e. systemd-logind runs, but > systemd is probably not pid 1)
So the dependencies tracks down to PID1 issues: systemd-sysv | systemd-shim <text removed> > Upstream developers in various projects increasingly oppose group-based > access, because membership of many "desktop stuff" groups essentially > means "can ssh in and do bad things to a local user". For instance, > putting desktop users in group 'audio' or 'video' is no longer a > requirement for access to sound cards on systems with systemd-logind (it > hands out access using temporary ACLs instead) - which is just as well, > because putting those users in a group with permanent rw access to the > sound device or webcam would essentially mean they can ssh in while > someone else is using a computer, and spy on what is said near it. > Couldn't this problems be solved by denying remote users desktop login, only by tty, and the only way to get to the desktop is with startx? (Maybe not so liked for a modern box??) This is one of the best descriptions I've see in a long time, Thanks Simon, no bashing, just facts :) -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1403722981.13072.43.ca...@g3620.my.own.domain
