what is keeping per-user state outside of user's $HOME ?

John Ellson john.ellson at comcast.net
Thu Sep 11 17:03:33 UTC 2008


Jeff Spaleta wrote:
> On Thu, Sep 11, 2008 at 7:30 AM, John Ellson <john.ellson at comcast.net> wrote:
>   
>>> Are you sure it's not a ConsoleKit interaction making the session think
>>> your user isn't at the console?
>>>
>>>
>>>       
>> Only if ConsoleKit is keeping per user-state.   If I login at the console as
>> any other user I get the Lock Screen menu item.
>>     
>
> Taking a quick look at the authorizations gui on my F9 system, you can
> in fact do grants and blocks for individual users, but I don't see
> anything in the list of possible authorization targets which is lock
> screen. Rawhide could have added that however.
>
> I still don't understand PolicyKit/ConsoleKit well enough to help you
> track it down in the filesystem with 100% confidence.  But I would
> suspect that you should look in /var/lib/PolicyKit/ and
> /var/lib/PolicyKit-public/   for per-user authorization rules if they
> existed.
>
> Hope this helps.
>
> -jef
>
>   

There is a /var/lib/PolicyKit/user-ellson.auths  but  removing it makes 
no difference.
That file talks about using polkit-auth

Running polkit-auth as user ellson generates a long list of stuff:
    org.freedesktop.hal.dockstation.undock
    org.freedesktop.hal.device-access.sound
    org.freedesktop.hal.device-access.video4linux
    org.freedesktop.hal.device-access.cdrom
    ...

Where does it get this from?  Removing 
/var/lib/PolicyKit/user-ellson.auths doesn't change the output.
Running it in another user's account generates different, empty, output.

"polkit-auth --show-obtainable"    doesn't offer any obvious token for 
enabling LockScreen.



-- 
John Ellson




More information about the fedora-devel-list mailing list