Crabs's World : Give at_console right for D-bus with Slackware 12.1 and xdm

Warning Only for Slackware 12.1 Warning

Need a simimlar work for Slackware Linux 12.2, please see Give at_console right for D-bus with Slackware 12.2 and xdm.

What's the problem

With XFCE or KDE, the Slackware Linux (« out of the box ») sends the following message to an user when he tries to mount an CD, DVD or USB stick :

A security policy in place prevents this sender from sending
this message to this recipient, see message bus
configuration file (rejected message had interface
"org.freedesktop.Hal.Device.Volume" member "Mount" error
name "(unset)" destination "org.freedesktop.Hal")

There is other little permission problems for access to video or audio devices, power down the computer... when you use XDM or KDM as graphical login manager on your Linux box.

A classic solution

Administrator can add to the user account the following secondary groups: floppy, audio, video, cdrom, power and plugdev.

It is a worthly and unsecure solution with lot of Unix box and more unsecure with a network directory as LDAP. It's not a troll about LDAP, with this resolution, all users can stop all client of the LDAP of your network (file server, HPC cluster...), when they obtain this groups trough LDAP...

An amazing resolution

To found it, I will hack the source code of D-BUS at the research of the at_console rule...

Use non-graphical login and create a file with the same name as the login name of the connected user in the directory /var/run/console. Create the directory if necessary.

Then start the graphical environment with startx, the user can work normaly with floppy, CD, DVD...

This resolution it's the result of my experimental investigation for trying to give the « at_console » permission for D-BUS and HAL.

The right way

Only to solve this problem... Who as say « PAM » ? I don't know what is the way of Slackware with PAM, but PAM is not « out of the box » and I can't found PAM in extra directory... Excuse the troublemaker and be serious now...

To solve the problem, I offer you to adapt XDM with the following features:

create the approriate file in /var/run/console after a successful login on the console
delete this file after logout
add secondary groups like the work of the « Shadow Password Suite » with CONSOLE_GROUPS defined in the /etc/login.defs file.

To follow this way, after apply all commands describe in this article, administrator must install an upgrade to XDM on the Linux box and modify the configuration file /etc/X11/xdm/xdm-config by adding a new resource that define the secondary groups added after a successful login on the console. Example:

DisplayManager.consoleGroups:   floppy,audio,video,cdrom,power

But the first step for this work is to construct the new package of XDM.

A similary work can be done in the « Shadow Password Suite », but I don't found where is the end of the session, which is necessary to delete the file in /var/run/console directory.

How to modify XDM for this work ?

To Keep It Simple and Stupid, when just adapt the build of XDM by adding or modifying some files in the source tree provided by Slackware.

You can download this file in this tar files : dbus_at_console_xdm.tar. The GPL applies to all files in the archive. Follow a little explains of the modifications :

build/xdm (modified): change content to « 2crabs » for upgradepkg
patch/xdm/config_xdm-config_cpp.diff.gz (new): add an example for the new resource value
patch/xdm/dm_h.diff.gz (new): declare the new global variable for the storage of the new resource value
patch/xdm/resource_c.diff.gz (new): extract the value of the new resource
patch/xdm/session_c.diff.gz (new): the real work in three steps:
- after login, create the file in /var/run/console directory
- delete the file after logout
- add if necessary the groups listed in the new resource
patch/xdm.patch (new): this file apply the above patches during the build of XDM
post-install/xdm/Xsetup_0 (modified): delete all files in /var/run/console directory if their names are user's loginname
slack-desc/xdm (modified): add a comment to prevent administrators that this is not the standard package of XDM

« modified » siginify that the file exists in the source tree and will be remplaced by the file of the archive, « new » signify that the file will be added in the source tree.

Now, it's time to apply the modications before building the new package and installing it.

# cd new_working_directory

# export TMP=`pwd`

After the mount of the SlackDVD

# cp -r /media/SlackDVD/source/x/x11 x11

# cd x11

# tar xf download_directory/dbus_at_console_xdm.tar

You must be root

# ./x11.SlackBuild app xdm

# cd ../x11-build

You can found here the new package

# upgradepkg xdm-1.1.7-i486-2crabs.tgz

Configure the box

# cd /etc/X11/xdm

# cp xdm-session.new xdm-session

if the « runlevel » is 4 (graphic)

# init 3

Do the following action only if GDM is installed

# chmod -x /usr/bin/gdm

# chmod -x /usr/bin/kdm

The new XDM will be started

# init 4

You must verify the content of /etc/X11/xdm/xdm-config and if necessary replace it with xdm-config.new and check the value of the resource before « init 4 ».

You can found a similary article in french at this page: D-BUS : at_console avec XDM et Slackware 12.1

Site :	Crabs's World
Title :	Give at_console right for D-bus with Slackware 12.1 and xdm
Date :	September 28, 2008
Author :	Christophe Cazajus (fr)
Mail :	crabs(put only @)crabs-world.com, prefer to use this form for contact me
Keywords :	crabs, linux, slackware, D-BUS, XDM, slackware, slackware 12.1, hal, plugdev, console groups, at_console, pam_console
Description :	How to give to the user connected at the console all rights given by the at_console dbus-rule with xdm.
Validators :	html, css