~kennylevinsen/seatd#9: 
Something like uaccess from systemd-logind?

udev + logind + uaccess can grant users access to /dev devices while they are logged in by adding user ACL to devices when they are logged in.

udev tags devices with uaccess tag. logind sees uaccess tag and gives logged-in users access to the tagged /dev devices.

This can be convenient and perhaps securer because users don't have to add themselves to supplementary groups.

Status
RESOLVED FIXED
Submitter
~oxygen-cat
Assigned to
No-one
Submitted
7 months ago
Updated
2 months ago
Labels
No labels applied.

~kennylevinsen 6 months ago

We could have a uaccessd or pam_uaccess of sorts. It doesn't need to integrate with seatd or session switching as uaccess can't revoke fds anyway - setting acls on login/logout should be sufficient.

~oxygen-cat 6 months ago

What is seatd for anyway? I installed seatd just to get rid of elogind from my system.

~kennylevinsen 6 months ago

seatd provides an implementation of seat management, which is a feature commonly provided by logind. It is not a goal for seatd to implement every odd an unrelated feature present in logind (like laptop backlight control), as this would simply lead to a bad systemd clone.

Instead, when something can be implemented by another daemon or project instead of being part of seatd, it should (maybe by the same authors as seatd, maybe not). That leads to small modular tools that people can be independently chosen, improved or replaced.

uaccess could simply a PAM module - I don't even think it needs a daemon.

~oxygen-cat 6 months ago

I agree with your sentiment. I just wonder what seat management is and whether I could run sway without seat management.

~kennylevinsen REPORTED FIXED 2 months ago

https://git.sr.ht/~kennylevinsen/pam_uaccess

It's brand new and experimental, and does have a few caveats which may require a daemon to solve, but it might be good enough for most cases.

Register here or Log in to comment, or comment via email.