GNOME for system administrators, Jessie edition


  1. GNOME for system administrators, Jessie edition. Mini Debconf Lyon 2015, 12 April 2015

  2. Introduction
     - Debian is awesome to use in a 1000+ machines environment
       - Automated deployment tools
       - Customization: custom APT repositories
       - Administration tools, and our famous reliability!
     - Workstations are a good use case, with GNOME as the desktop
       - The easy way: leave users with self-administration permissions → But it doesn’t scale very well in terms of support
       - The secure way: standard workstations with no specific permissions
     - In order to ship the best systems for users:
       - How does GNOME actually work on the inside?
       - Where are important places to look for a configuration / a problem?
       - What can I tweak on my systems?

  3. OUTLINE
     1. The base plumbing for the desktop
        - DBus, PolicyKit
     2. Systemd services
        - logind, journald…
     3. User settings
        - GSettings and dconf
        - Menus and applications
     4. Login and password management
        - The GNOME display manager
        - Accountsservice
        - The keyring
     5. Networking with GNOME
        - NetworkManager
        - The virtual filesystem stack
     6. Hardware access
        - PulseAudio
        - Printing
        - Power management
     7. Miscellanea
        - PackageKit
        - Using the plumbing in custom scripts
        - Deploying the configuration on workstations

  4. GNOME 2.30 (squeeze), GNOME 3.4 (wheezy), GNOME 3.14 (jessie)

  5. D-Bus
     [Diagram: the system dbus-daemon is started by dbus.service at boot and carries system services; the session dbus-daemon is started by /etc/X11/Xsession.d with the session and carries session services; the application finds it through $DBUS_SESSION_BUS_ADDRESS]
     - D-Bus is the basis for inter-process communications between GNOME applications and the underlying system
     - Based on a typed messaging system over Unix sockets
     - Implements an asynchronous RPC mechanism
     - Services can either
       - Start by themselves and register a name, e.g. org.freedesktop.NetworkManager → systemd handles the case with Type=dbus
       - Be auto-spawned by the DBus daemon → /usr/share/dbus-1/services/*.service → /usr/share/dbus-1/system-services/*.service
     - Basic permissions management for system services in /etc/dbus-1/*.conf
       - Most relevant daemons use PolicyKit instead

  6. Examining your system with D-Feet

  7. PolicyKit
     - PolicyKit adds rich permissions management to a system D-Bus service
     - Can wrap any D-Bus call, invisible from the application
     [Diagram: Application → PolicyKit D-Bus wrapper → (once authorized) wrapped service. PolicyKit asks logind "Is this user active?" (see later) and, when authentication is required, the user's PolicyKit agent; gnome-shell registers to org.freedesktop.PolicyKit1. Default policy: /usr/share/polkit-1/actions/*.policy, /etc/polkit-1]
     - Which password is asked? The root password or the current user’s? It depends on the configuration: /etc/polkit-1/localauthority.conf.d

           AdminIdentities=unix-group:admins;unix-user:joe

       Debian default: the sudo group

  8. Tuning the default policy
     - Policy tuning is done either with JavaScript files or PKLA (ini-like) files → Depending on the distribution choices
     - Debian uses PKLA. You can create /etc/polkit-1/localauthority/30-site.d/my-config.pkla

           [Allow users to shutdown, even when someone else’s application asks not to]
           Identity=*
           Action=org.freedesktop.login1.power-off-ignore-inhibit
           ResultAny=no
           ResultInactive=no
           ResultActive=yes

       ResultActive is for the user physically logged on.

           [Let some users change the CPU frequency by hand]
           Identity=unix-group:benchmarks
           Action=org.gnome.CPUFreqSelector
           ResultAny=no
           ResultInactive=no
           ResultActive=yes

       Identity=unix-group:… is the group selection.

           [Let a user install any package from the repository using PackageKit]
           Identity=unix-user:joss
           Action=org.freedesktop.packagekit.package-install
           ResultAny=no
           ResultInactive=no
           ResultActive=auth_self

       ResultActive=auth_self: ask the user’s own password.

  9. Systemd services: logind
     - Logind is the daemon that brings reliable session management on top of the existing kernel and system infrastructure.
     - Manages seats and their mapping with hardware components
     - Tells which session is active on which VT and which seat → Try the CLI interface: loginctl
     - Tells which session a process belongs to (using systemd cgroups)
     - Manages device permissions (see /lib/udev/rules.d/70-uaccess.rules) → Sets permissions dynamically on a number of devices like /dev/snd/* → Most specific groups (audio, video, netdev…) are obsolete.
     [Diagram: logind in relation to udev (uaccess seat tagging, /dev management), systemd (PID 1), kernel cgroups, pam_systemd (getty, GDM), GNOME shell and user applications; arrows labelled "activate session", "request shutdown/reboot", "get unlocked"]

  10. Systemd services: the journal
      [Diagram: journald in relation to systemd (PID 1), kernel cgroups ("identify services"), system services, GDM and user applications (syslog, standard output/error, journald protocol) and rsyslog]
      - adduser joe systemd-journal → gnome-logs

  11. Other systemd services
      - Timedated and timesyncd
        - Sets date/time
        - Switches time zones
        - Enables NTP support (systemd-timesyncd)
      - Hostnamed
        - Sets the host name
      - Localed
        - Sets the default system locale
        - Not directly used by GNOME (see later accountsservice)
      - All of them are accessed using simple D-Bus services with PolicyKit authentication

  12. User settings in GNOME 3.x: GSettings
      [Diagram: the application, through libgio, reads the user binary store ~/.config/dconf/user (gvdb format) and the system binary stores /etc/dconf/{profile,db} (based on .ini-like files), and writes through the dconf daemon; schemas and overrides live in /usr/share/glib-2.0/schemas]
      - Schemas, defaults and overrides are managed by the client
      - Dconf is optimized for speed: direct reads, binary database (GVDB)
      - Changing a user setting ("I don’t like those beeps"):

            gsettings set org.gnome.desktop.sound event-sounds false

      - Listing all settings:

            gsettings list-recursively org.gnome.nautilus

      - There is also dconf-editor

  13. Tuning GSettings in a package
      - Ship an override file in debian/package.gsettings-override

            dh_installgsettings --priority=90

      - Contents of the override file:

            # Custom background
            [org.gnome.desktop.background]
            picture-options='zoom'
            picture-uri='file:///my/nice/picture.svg'

            # Squeeze-like icons on the desktop
            [org.gnome.desktop.background]
            show-desktop-icons=true

            # I haz a theme for GTK+ 2.0 and 3.0
            [org.gnome.desktop.interface]
            gtk-theme='FabulousTheme'
            icon-theme='WonderfulIcons'
            [org.gnome.desktop.wm.preferences]
            theme='CoolBorders'

            # Default applications and extensions in the shell
            [org.gnome.shell]
            favorite-apps=['evolution.desktop', 'libreoffice-impress.desktop', …..]
            enabled-extensions=['apps-menu@gnome-shell-extensions.gcampax.github.com']

      - Custom background: you can also use XML files for evolving backgrounds or multiple resolutions
      - Themes: the GTK theme needs to have the same name for GTK+ 2.0 and 3.0

  14. Dconf: default and mandatory system settings
      - Configure a system database: /etc/dconf/profile

            user-db:user
            system-db:local

      - Default settings then go in /etc/dconf/db/local.d/00_my_defaults

            # Those users are too dumb, don’t let them do anything
            [org/gnome/desktop/lockdown]
            disable-application-handlers=true
            disable-log-out=true
            disable-print-setup=true
            …

        Separator for dconf is / (instead of . for GSettings)
      - Make those defaults mandatory with locks: /etc/dconf/db/local.d/locks/my_locks

            /org/gnome/desktop/lockdown/disable-application-handlers
            /org/gnome/desktop/lockdown/disable-log-out
            /org/gnome/desktop/lockdown/disable-print-setup
            …

      - To update the database: dconf update

  15. Menus and applications
      - Available applications are described in .desktop files
        - MimeTypes describe file types the application can open
        - Virtual x-uri-scheme/* MIME types describe applications which can open URIs
        - Found in /usr/share/applications
        - Overridden with $XDG_DATA_DIRS and ~/.local/share/applications
      - Default MIME associations in Debian: /usr/share/gnome/applications/defaults.list
        - Overridden the same way
        - Adding/removing MIME associations: datadir/mimeapps.list
      - Default menu (XDG standard): /etc/xdg/menus/gnome-applications.menu
        - Applications are assigned to submenus using their Categories
        - Adding new sub-menus: /etc/xdg/menus/applications-merged/my-menu.menu

  16. GDM: the display manager
      [Diagram: the GDM daemon (gdm3) talks to PAM, the accounts daemon and logind and runs one GDM slave per display. Before login: Xorg and a minimal session with GNOME shell --gdm-mode (as Debian-gdm). After login: Xorg, gnome-session and the configured session with GNOME shell and user applications (as user)]
      - GNOME shell uses the same code: → in the login screen (minimal login session) → in the lock screen (formerly screensaver)
      - Displays are started and closed dynamically

  17. Configuring GDM
      - Daemon configuration: /etc/gdm3/daemon.conf (Debian-specific)
        - Enabling autologin, debugging, VT configuration…
        - XDMCP
      - The real configuration for the minimal session (Debian-specific)
        - /etc/gdm3/greeter.gsettings (GSettings format)
        - In a package: /usr/share/gdm/dconf/50-my-settings (DConf format) + invoke-rc.d gdm3 reload

      AccountsService
      [Diagram: Accounts daemon, GDM slave, GNOME control center]
      - User defaults: language, icon, selected session
      - Storage: /var/lib/AccountsService
      - Also provides a D-Bus interface to create and configure accounts → Used by the control center
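
Added example for slide 8 (not part of the original slides): a small reviewer for PKLA text that reports stanzas granting an action without a password, either outside the active local session or to every identity. The function names and the third sample stanza are assumptions made for the illustration; the first two stanzas are the ones shown on the slide.

```python
def parse_pkla(text):
    """Return one dict per [stanza]; the bracketed title is free text."""
    stanzas = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            stanzas.append({"title": line[1:-1]})
        elif "=" in line and not line.startswith("#") and stanzas:
            key, value = line.split("=", 1)
            stanzas[-1][key.strip()] = value.strip()
    return stanzas

def audit(stanzas):
    """Return (title, finding) pairs for grants that need no password."""
    findings = []
    for s in stanzas:
        # ResultActive covers the active local session only; the other two
        # keys reach inactive or non-local (e.g. remote) sessions.
        for key in ("ResultAny", "ResultInactive"):
            if s.get(key) == "yes":
                findings.append((s["title"], key + "=yes outside the active local session"))
        ids = s.get("Identity", "").split(";")
        if s.get("ResultActive") == "yes" and any(i.split(":")[-1] == "*" for i in ids):
            findings.append((s["title"], "ResultActive=yes for every identity"))
    return findings

# Stanzas 1 and 2 come from slide 8; stanza 3 is constructed for this example.
SAMPLE = """\
[Allow users to shutdown, even when someone else's application asks not to]
Identity=*
Action=org.freedesktop.login1.power-off-ignore-inhibit
ResultAny=no
ResultInactive=no
ResultActive=yes

[Let a user install any package from the repository using PackageKit]
Identity=unix-user:joss
Action=org.freedesktop.packagekit.package-install
ResultAny=no
ResultInactive=no
ResultActive=auth_self

[Constructed: package install from any session]
Identity=unix-group:staff
Action=org.freedesktop.packagekit.package-install
ResultAny=yes
"""

for title, finding in audit(parse_pkla(SAMPLE)):
    print(f"{finding}: [{title}]")
```

The slide's shutdown stanza is reported on purpose: it is a deliberate site decision, and the report is the list of such decisions to re-read when the policy changes.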
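
Added example for slide 14 (not part of the original slides): a consistency check between a dconf defaults keyfile and its locks file, since a default without a matching lock stays user-overridable and a misspelt lock protects nothing. The function names and the sample text are assumptions constructed for the illustration, and only exact key paths are compared, as on the slide.

```python
def dconf_paths(keyfile_text):
    """Map every key of a dconf keyfile to its absolute path and value."""
    paths, section = {}, None
    for raw in keyfile_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Keyfile sections use / as separator, e.g. [org/gnome/desktop/lockdown]
            section = line[1:-1].strip("/")
        elif "=" in line and not line.startswith("#") and section is not None:
            key, value = line.split("=", 1)
            prefix = "/" + section + "/" if section else "/"
            paths[prefix + key.strip()] = value.strip()
    return paths

def lock_paths(locks_text):
    """Return the key paths listed in a locks file, skipping comments."""
    lines = (l.strip() for l in locks_text.splitlines())
    return {l for l in lines if l and not l.startswith("#")}

def check_locks(keyfile_text, locks_text):
    """Compare defaults with locks; only exact key paths are matched."""
    defaults, locks = set(dconf_paths(keyfile_text)), lock_paths(locks_text)
    return {
        "unlocked": sorted(defaults - locks),  # default a user can still override
        "orphan": sorted(locks - defaults),    # lock with no default here (typo?)
    }

# Constructed sample in the layout of slide 14; the misspelt lock is deliberate.
DEFAULTS = """\
[org/gnome/desktop/lockdown]
disable-log-out=true
disable-print-setup=true
"""
LOCKS = """\
/org/gnome/desktop/lockdown/disable-log-out
/org/gnome/desktop/lockdown/disable-print-set-up
"""

print(check_locks(DEFAULTS, LOCKS))
```

An "orphan" entry can also be a lock on a key whose default is set in another keyfile of the same directory, so feed the function the concatenation of all files in local.d before treating it as a typo.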
