Summary: | Add user filter | ||
---|---|---|---|
Product: | accountsservice | Reporter: | Robert Ancell <robert.ancell> |
Component: | general | Assignee: | Matthias Clasen <mclasen> |
Status: | RESOLVED DUPLICATE | QA Contact: | |
Severity: | normal | ||
Priority: | medium | CC: | joudanzuki, oliver.henshaw, rstrode |
Version: | unspecified | ||
Hardware: | Other | ||
OS: | All | ||
See Also: |
https://launchpad.net/bugs/857651 https://bugzilla.gnome.org/show_bug.cgi?id=655075 https://bugs.freedesktop.org/show_bug.cgi?id=44408 |
||
Whiteboard: | |||
i915 platform: | i915 features: |
Description
Robert Ancell
2011-10-17 19:54:38 UTC
I've been asking around to find out why you'd not want to log into certain accounts. The cases I've head so far are: - System users showing up (e.g. mysql. This seems like an OS bug) - Running a server and having remote logins. There may be accounts that you want to log into to control the server (i.e. over SSH) but not graphically. The last case makes it sound like there potentially should be a per-seat filter. My use case is a separate account used to develop or to build packages. This provides environmental isolation from the everyday user account and some security - the separate account might have additional system privileges or private keys. For example: Mock - http://fedoraproject.org/wiki/Projects/Mock#Build_User kde development - using (now outdated, i think) advice such as at http://techbase.kde.org/Getting_Started/Build/KDE4_%28bn_IN%29#Create_a_user_account_for_KDE4_development A test account for a very old version of amarok with X forwarding Accounts that can only be accessed by ssh or that don't make sense to log in directly (and are just noise for other users on the machine) but that are otherwise still normal user accounts with home directories and that don't really belong in the system account pid range. Arguably some of this is better handled by virtual machines nowadays; but the separate build user case for mock is, I believe, still strong. And the ssh keys in a separate account case is reasonable, isn't it? To cut through some of the guff, this use case boils down to - Accounts intended for local ssh logins. They may have privileges or contain secrets not suitable for day-to-day use. and perhaps - Testing accounts that users at the greeter don't need to be bothered with (whether on a single-owner or a shared machine). Not for security, just aesthetics. Add a case for users defined but not allowed to log in: Certain kinds of sandbox users, for example users which are sudo switched to, to perform actions which one might not like to perform as a regular user with login capability. This is a traditional admin technique, actually. I find it incredibly annoying that this dbus daemon does not just have a config file. It's even worse that it used the GDM config file to get info about automatic login. What's wrong with a config file with something like the following format (I can work on implementation but I don't want to do the work if it has no chance at being accepted by Mathias): [Cache] min_uid = 1000 max_uid = 10000 exclude = space separated list of users include = space separated list of users cache_max = 5 [AutoLogin] user = someuser See bug 40020 for other discussion about potentially creating a separate config file. Excluding accounts from the accountsservice listing is not the right solution. It would also make these accounts disappear from the user panel - and you probably want to be able to edit them there. This can either be a display manager configuration, or it can be a per-user hide-from-userlist flag that display managers can consult, but defining the exact semantics of that flag would need some thought. |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.