Thanks everyone, the UGROUPS worked, not the way I would like, but it worked. Is there any more documentation for these config files?
I would suggest that the lack of ANY decent installed documentation ( man pages /usr/share/doc/ ) on either consolehelper or usermode be consitered a bug.
Cheers, Eric
Havoc Pennington wrote:
As David says, sometimes this is sort of complicated. e.g. for NetworkManager we changed the architecture to be asking for certain things from the user session, vs. writing out an arbitrary config file.
He's also right that some of the system-config-* aren't desktop oriented at all (or they at least include a bunch of non-desktop stuff in addition)
So the fix may not be as simple as changing the pam setup, but it's still broken right now.
One problem is that if you can run a GTK app as root (anything equivalent to setgid) then you can probably hack that app and do bad stuff, http://gtk.org/setuid.html
So it's probably a requirement in all cases that we split out a backend that runs as root and have the UI separate.
Havoc