glfs/postlfs/security/consolekit.xml

411 lines
13 KiB
XML
Raw Normal View History

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!ENTITY consolekit-download-http "&sources-anduin-http;/c/ConsoleKit-&consolekit-version;.tar.xz">
<!ENTITY consolekit-download-ftp " ">
<!ENTITY consolekit-md5sum "6aaadf5627d2f7587aa116727e2fc1da">
<!ENTITY consolekit-size "356 KB">
<!ENTITY consolekit-buildsize "8.0 MB">
<!ENTITY consolekit-time "0.3 SBU">
]>
<sect1 id="consolekit" xreflabel="ConsoleKit-&consolekit-version;">
<?dbhtml filename="consolekit.html"?>
<sect1info>
<othername>$LastChangedBy$</othername>
<date>$Date$</date>
</sect1info>
<title>ConsoleKit-&consolekit-version;</title>
<indexterm zone="consolekit">
<primary sortas="a-ConsoleKit">ConsoleKit</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to ConsoleKit</title>
<para>
The <application>ConsoleKit</application> package is a framework for
keeping track of the various users, sessions, and seats present on a system.
It provides a mechanism for software to react to changes of any of these
items or of any of the metadata associated with them.
</para>
&lfs77_checked; &gcc5_built;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Download (HTTP): <ulink url="&consolekit-download-http;"/>
</para>
</listitem>
<listitem>
<para>
Download (FTP): <ulink url="&consolekit-download-ftp;"/>
</para>
</listitem>
<listitem>
<para>
Download MD5 sum: &consolekit-md5sum;
</para>
</listitem>
<listitem>
<para>
Download size: &consolekit-size;
</para>
</listitem>
<listitem>
<para>
Estimated disk space required: &consolekit-buildsize;
</para>
</listitem>
<listitem>
<para>
Estimated build time: &consolekit-time;
</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">ConsoleKit Dependencies</bridgehead>
<bridgehead renderas="sect4">Required</bridgehead>
<para role="required">
<xref linkend="dbus-glib"/> and
<xref linkend="xorg7-lib"/>
</para>
<bridgehead renderas="sect4">Recommended</bridgehead>
<para role="recommended">
<xref linkend="linux-pam"/> and
<xref linkend="polkit"/>
</para>
<warning>
<para>
If you intend <emphasis role="strong">NOT</emphasis> to install
<application>polkit</application>, you will need to manually edit the
ConsoleKit.conf file to lock down the service. Failure to do so may be a
huge SECURITY HOLE.
</para>
</warning>
<bridgehead renderas="sect4">Optional</bridgehead>
<para role="optional">
<xref linkend="xmlto"/>
</para>
<para condition="html" role="usernotes">User Notes:
<ulink url="&blfs-wiki;/consolekit"/>
</para>
</sect2>
<sect2 role="installation">
<title>Installation of ConsoleKit</title>
<para>
Install <application>ConsoleKit</application> by running the following
commands:
</para>
<screen><userinput>./configure --prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
--enable-udev-acl \
--enable-pam-module \
--with-systemdsystemunitdir=no &amp;&amp;
make</userinput></screen>
<para>
This package does not come with a test suite.
</para>
<para>
Now, as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>make install</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<para>
<parameter>--enable-udev-acl</parameter>: This switch enables building of
the <command>udev-acl</command> tool, which is used to allow normal users
to access device nodes normally only accessible to
<systemitem class="username">root</systemitem>.
</para>
<para>
<parameter>--enable-pam-module</parameter>: This switch enables building
of the <application>ConsoleKit</application>
<application>PAM</application> module which is needed for
<application>ConsoleKit</application> to work correctly with
<application>PAM</application>. Remove if
<application>Linux PAM</application> is
<emphasis role="strong">NOT</emphasis> installed.
</para>
<para>
<parameter>--with-systemdsystemunitdir=no</parameter>: Disable
attempting to build with systemd libraries.
</para>
<para>
<option>--enable-docbook-docs</option>: Use this switch if
<application>xmlto</application> is installed and you wish to
build the API documentation.
</para>
</sect2>
<sect2 role="configuration">
<title>Configuring ConsoleKit</title>
<sect3>
<title>PAM Module Configuration</title>
<para>
If you use <application>Linux PAM</application>, it needs to be
configured to activate <application>ConsoleKit</application> upon user
login. This can be achieved by editing the
<filename>/etc/pam.d/system-session</filename> file as the <systemitem
class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>cat &gt;&gt; /etc/pam.d/system-session &lt;&lt; "EOF"
<literal># Begin ConsoleKit addition
session optional pam_loginuid.so
session optional pam_ck_connector.so nox11
# End ConsoleKit addition</literal>
EOF</userinput></screen>
<para>
You will also need a helper script that creates a file in
<filename class="directory">/var/run/console</filename>
named as the currently logged in user and that contains the
<application>D-Bus</application> address of the session. You
can create the script by running the following commands as
the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>cat &gt; /usr/lib/ConsoleKit/run-session.d/pam-foreground-compat.ck &lt;&lt; "EOF"
#!/bin/sh
TAGDIR=/var/run/console
[ -n "$CK_SESSION_USER_UID" ] || exit 1
[ "$CK_SESSION_IS_LOCAL" = "true" ] || exit 0
TAGFILE="$TAGDIR/`getent passwd $CK_SESSION_USER_UID | cut -f 1 -d:`"
if [ "$1" = "session_added" ]; then
mkdir -p "$TAGDIR"
echo "$CK_SESSION_ID" &gt;&gt; "$TAGFILE"
fi
if [ "$1" = "session_removed" ] &amp;&amp; [ -e "$TAGFILE" ]; then
sed -i "\%^$CK_SESSION_ID\$%d" "$TAGFILE"
[ -s "$TAGFILE" ] || rm -f "$TAGFILE"
fi
EOF
chmod -v 755 /usr/lib/ConsoleKit/run-session.d/pam-foreground-compat.ck</userinput></screen>
<para>
See /usr/share/doc/ConsoleKit/spec/ConsoleKit.html for more
configuration.
</para>
</sect3>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>
ck-history, ck-launch-session, ck-list-sessions,
ck-log-system-restart, ck-log-system-start,
ck-log-system-stop and console-kit-daemon
</seg>
<seg>
libck-connector.so and pam_ck_connector.so
</seg>
<seg>
/etc/ConsoleKit,
/usr/include/ConsoleKit,
/usr/lib/ConsoleKit,
/usr/share/doc/ConsoleKit and
/var/log/ConsoleKit
</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<!--
<varlistentry id="ck-history">
<term><command>ck-history</command></term>
<listitem>
<para>does this .....</para>
<indexterm zone="consolekit ck-history">
<primary sortas="b-ck-history">ck-history</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ck-launch-session">
<term><command>ck-launch-session</command></term>
<listitem>
<para>does this .....</para>
<indexterm zone="consolekit ck-launch-session">
<primary sortas="b-ck-launch-session">ck-launch-session</primary>
</indexterm>
</listitem>
</varlistentry>
-->
<varlistentry id="ck-list-sessions">
<term><command>ck-list-sessions</command></term>
<listitem>
<para>list sessions with respective properties. Also good for
debugging purposes.</para>
<indexterm zone="consolekit ck-list-sessions">
<primary sortas="b-ck-list-sessions">ck-list-sessions</primary>
</indexterm>
</listitem>
</varlistentry>
<!--
<varlistentry id="ck-log-system-restart">
<term><command>ck-log-system-restart</command></term>
<listitem>
<para>does this .....</para>
<indexterm zone="consolekit ck-log-system-restart">
<primary sortas="b-ck-log-system-restart">ck-log-system-restart</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ck-log-system-start">
<term><command>ck-log-system-start</command></term>
<listitem>
<para>does this .....</para>
<indexterm zone="consolekit ck-log-system-start">
<primary sortas="b-ck-log-system-start">ck-log-system-start</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ck-log-system-stop">
<term><command>ck-log-system-stop</command></term>
<listitem>
<para>does this .....</para>
<indexterm zone="consolekit ck-log-system-stop">
<primary sortas="b-ck-log-system-stop">ck-log-system-stop</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="console-kit-daemon">
<term><command>console-kit-daemon</command></term>
<listitem>
<para>is the <application>ConsoleKit</application> daemon.</para>
<indexterm zone="consolekit console-kit-daemon">
<primary sortas="b-console-kit-daemon">console-kit-daemon</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ck-collect-session-info">
<term><command>ck-collect-session-info</command></term>
<listitem>
<para>does this .....</para>
<indexterm zone="consolekit ck-collect-session-info">
<primary sortas="b-ck-collect-session-info">ck-collect-session-info</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ck-get-x11-display-device">
<term><command>ck-get-x11-display-device</command></term>
<listitem>
<para>does this .....</para>
<indexterm zone="consolekit ck-get-x11-display-device">
<primary sortas="b-ck-get-x11-display-device">ck-get-x11-display-device</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ck-get-x11-server-pid">
<term><command>ck-get-x11-server-pid</command></term>
<listitem>
<para>does this .....</para>
<indexterm zone="consolekit ck-get-x11-server-pid">
<primary sortas="b-ck-get-x11-server-pid">ck-get-x11-server-pid</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ck-system-restart">
<term><command>ck-system-restart</command></term>
<listitem>
<para>does this .....</para>
<indexterm zone="consolekit ck-system-restart">
<primary sortas="b-ck-system-restart">ck-system-restart</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ck-system-stop">
<term><command>ck-system-stop</command></term>
<listitem>
<para>does this .....</para>
<indexterm zone="consolekit ck-system-stop">
<primary sortas="b-ck-system-stop">ck-system-stop</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="libck-connector">
<term><filename class='libraryfile'>libck-connector.so</filename></term>
<listitem>
<para>contains functions that .....</para>
<indexterm zone="consolekit libck-connector">
<primary sortas="c-libck-connector">libck-connector.so</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="pam_ck_connector">
<term><filename class='libraryfile'>pam_ck_connector.so</filename></term>
<listitem>
<para>contains functions that .....</para>
<indexterm zone="consolekit pam_ck_connector">
<primary sortas="c-pam_ck_connector">pam_ck_connector.so</primary>
</indexterm>
</listitem>
</varlistentry>
-->
</variablelist>
</sect2>
</sect1>