On Mo, 16.10.17 12:32, Simon McVittie ([email protected]) wrote: > On Sat, 14 Oct 2017 at 17:50:33 +0300, Mantas Mikulėnas wrote: > > No, it's only available for local sessions (ones which systemd-logind > > considers > > "local" + "active"). I think the idea is that console users automatically > > get > > more privileges in general. > > Specifically, the idea is that console users should have access to > devices that are the machine representation of things they can physically > access anyway. The classic example is audio. If Alice is sitting at a > desktop/laptop computer and Bob is ssh'd in to the same computer, it's > fine for Alice to be able to record the same audio that she can hear > already; but it is usually not OK for Bob to be able to record audio > because that would let him spy on Alice. > > Similarly, logind defaults to allowing local active users to shut down > the machine (because they are likely to be in a position to pull the > plug or remove the battery anyway), but not remote users (to prevent > them from causing denial-of-service for local users or other remote users). > > > For SSH-only usage, use traditional groups (e.g. add yourself to the "video" > > group). To assign group ownership to /dev/kfd, use GROUP="foo" in udev > > rules. > > And, yes, the way to bypass the "only local users" bit is to add your uid > to an appropriate group, which is a way of saying: this user has special > privileges, and can access something (in your case video) even when not > physically present.
For the sake of the archives this discussion more or less moved to: https://github.com/systemd/systemd/pull/7112 Lennart -- Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/systemd-devel
