From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id YFUzDfOo62JHuwAAbAwnHQ (envelope-from ) for ; Thu, 04 Aug 2022 13:09:39 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id CHYvDPOo62K8bwAAG6o9tA (envelope-from ) for ; Thu, 04 Aug 2022 13:09:39 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id CE781414F4 for ; Thu, 4 Aug 2022 13:09:38 +0200 (CEST) Received: from localhost ([::1]:58666 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oJYjR-0007Q9-Jp for larch@yhetil.org; Thu, 04 Aug 2022 07:09:37 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:52004) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oJYis-0007Q0-IL for bug-guix@gnu.org; Thu, 04 Aug 2022 07:09:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:33438) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oJYis-0004uM-96 for bug-guix@gnu.org; Thu, 04 Aug 2022 07:09:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1oJYis-0001gY-2e for bug-guix@gnu.org; Thu, 04 Aug 2022 07:09:02 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#56971: greeter user permissions are not enough to talk with seatd Resent-From: Liliana Marie Prikler Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Thu, 04 Aug 2022 11:09:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 56971 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: muradm , 56971@debbugs.gnu.org Cc: control@debbugs.gnu.org Received: via spool by 56971-submit@debbugs.gnu.org id=B56971.16596112896403 (code B ref 56971); Thu, 04 Aug 2022 11:09:02 +0000 Received: (at 56971) by debbugs.gnu.org; 4 Aug 2022 11:08:09 +0000 Received: from localhost ([127.0.0.1]:51418 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oJYi1-0001fB-2w for submit@debbugs.gnu.org; Thu, 04 Aug 2022 07:08:09 -0400 Received: from mailrelay.tugraz.at ([129.27.2.202]:22771) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oJYhy-0001ey-Ba; Thu, 04 Aug 2022 07:08:07 -0400 Received: from lprikler-laptop.ist.intra (gw.ist.tugraz.at [129.27.202.101]) by mailrelay.tugraz.at (Postfix) with ESMTPSA id 4Lz5YZ40yCz1LX55; Thu, 4 Aug 2022 13:08:02 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 mailrelay.tugraz.at 4Lz5YZ40yCz1LX55 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tugraz.at; s=mailrelay; t=1659611282; bh=fAtWVJ1a/HiXTuLhmLuKHny1WNzS6phcFHa0PCKyLRY=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=P5JlhKlM9I4frLW42tjdiWAs0IgKExAk54O2eo0Ofsm/W5iQS8jKkMuayix8Xbn05 iaIH70WJTjLz7T3NLqI6+o2/m0rCa5lavNsstPj2Vz44M+AXUhXoKkfm4VrdwVrXCB QwgxPcZhiYno5WnjTqDbLR04aFkn7CPwQa9CBUIA= Message-ID: From: Liliana Marie Prikler Date: Thu, 04 Aug 2022 13:08:01 +0200 In-Reply-To: <87czdg2unf.fsf@muradm.net> References: <87czdg2unf.fsf@muradm.net> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.42.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TUG-Backscatter-control: waObeELIUl4ypBWmcn/8wQ X-Scanned-By: MIMEDefang 2.74 on 129.27.10.117 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1659611379; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=fAtWVJ1a/HiXTuLhmLuKHny1WNzS6phcFHa0PCKyLRY=; b=DAtmQ8b+7oEAe0Apd/E/3ccELw0hC/s1Kq8vQ2R93iZyzVSq/hajH6b2cEfhQUaYECBzm1 0dcuL6/3X0eBPElqD2gB8Sygeu1WzYIV9mOUx+B2SrpZdtbXuCW4wSVeIybCI4bIKgkgGW RzzcAqLj6vhUDnb0vFwP1bOR41OI9sYyXZKUUMz1PhJgP2Wl8vC3HdlvxgzPYzvRO8F0Nz 1x7JbFW3cMJT8SFEFsQrUNlMNfcNunG4hOCBsAG3ElQDK+KPe79c+XJWV+XLqw/UnhKZrm Rm3n1wvZFv2ulZAWbFx8ORhqypEPpx1hZfTMP1tIDUbqO7hMuT5HJ8ar7eBERw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1659611379; a=rsa-sha256; cv=none; b=Mdu+rUAcQLTmUh7NGhwCGNbZeQZT2eTohhlW8i/x8noGwVDar/JaSUfLTWUKW5YhcpZK1a JtNzj7FXVauAJY48cOGDgjgT4iGOiZuQyaG1Y44VBwPZCTdiDSb34rcUGy7wMY0/zIrEie r9zVF0CzDWBakG3Zg/zz8S2OLdS9Qq4vTkkYtRSH7cY5xLBtqoItxAexaBh7g+v6J1l43h J0ysT/kMDL9rl9RzKephOGx2opTodzdNk0C4dB3FQ7E3MyGqVajaYjtg1UE9Cht9SMwWS8 I191nTZJV2W4lqli4ZlLnp7YfNwD/kGi4iu2qf75D/x+4WKVtkqxx1aXNA/Dew== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=tugraz.at header.s=mailrelay header.b=P5JlhKlM; dmarc=fail reason="SPF not aligned (relaxed)" header.from=tugraz.at (policy=none); spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: 7.39 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=tugraz.at header.s=mailrelay header.b=P5JlhKlM; dmarc=fail reason="SPF not aligned (relaxed)" header.from=tugraz.at (policy=none); spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: CE781414F4 X-Spam-Score: 7.39 X-Migadu-Scanner: scn1.migadu.com X-TUID: v13vMQW2Eu0k block 56971 by 56690 56699 thanks Hi muradm, Am Donnerstag, dem 04.08.2022 um 12:45 +0300 schrieb muradm: > [...] greeter (e.g. gtkgreet) requiring communication > with seatd is failing to start, causing "black screen" > behavior on active terminal (switching to the other non seatd > related terminal is possible, for manual permissions > adjustment as workaround). > > To address this issue, we need more flexible control over > seatd user/group, which creates seatd.sock, and greeter user > which connects to seatd.sock. Okay. > However, not all greeters require that, so I decided to make > more flexible. Flexibility for its own sake is not always the right solution. On the other hand, looking at the two patches, it appears they are to be used in combination? > Propsed solutions consists of: > > * 56690 - gnu: seatd-service-type: Should use seat group. > With this change, if seatd-service-type is present in the > system configuration, "seat" group will be added, and seatd > will run as root/seat. Group is configurable, but default is > "seat". Why just the group and no user? Is it not possible to launch seatd as non-root? > * 56699 - gnu: greetd-service-type: Add greeter-extra-groups >   config field. > With this change, if user wants to use seatd-service-type with > greeter requiring seatd.sock, he can add "seat" group to > greeter-extra-groups field. Note that you still have a TODO on that patch. Cheers