Consolekit/systemd seat management - sensible, or a waste of time?

Discussion in 'all things UNIX' started by Gullible Jones, Apr 16, 2012.

Thread Status:
Not open for further replies.
  1. Gullible Jones

    Gullible Jones Guest

    The Linux desktop is currently developing seat management, formerly through ConsoleKit and now through systemd. This allows certain privileges to be added or revoked depending on whether a user is logged in locally or e.g. over SSH. Prior to this, a user logged in over SSH who was e.g. a member of the powerdev group, on a Debian system running HAL, could shut down the host computer remotely.

    The problem with the ConsoleKit/systemd seat management is that it horribly breaks things on a lot of distros. For instance, on Debian, it's been impossible to get automount privileges when starting X from the console for over a year, unless you deliberately work around the seat management with a custom PolKit configuration. Otherwise, file managers like PCManFM simply will not mount external drives unless you log in through GDM/KDM/etc.

    My question is, is seat management actually worth all this breakage? It seems like a good idea, but in most cases I fail to see its value.

    - If you're running a server, AFAIK limited users should never have power management or arbitrary drive mounting privileges. So it should be moot, right?

    - If you're SSHing into a workstation or desktop, there's no real harm in being able to mount drives or turn off the machine remotely. Actually, probably better to let you do so without root privileges, I would think!

    - If you've got a hostile party logged in remotely to your desktop, workstation, or server, revoking stuff like automount and power management privileges is probably not going to limit the damage very much - the bad guy will still have access to your user account and your data!

    Furthermore, for situations where you want to place arbitrary, fine-grained limits on the privileges of remote users, it looks to me like MAC frameworks (SELinux, AppArmor, etc.) offer much better security and flexibility.

    IOW this whole seat management thing is looking to me like a case of needless overengineering. Any thoughts? Is my ignorance showing here?
     
    Gullible Jones, Apr 16, 2012
    #1
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...