Devices and permissions
Matias Féliciano
feliciano.matias at free.fr
Wed Oct 20 15:21:10 UTC 2004
Le mercredi 20 octobre 2004 à 16:46 +0200, Alain PORTAL a écrit :
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Le mercredi 20 Octobre 2004 14:16, Matias Féliciano a écrit :
>
> > > So, using /etc/security/console.perms seems the best way.
> > > Here is my purposal:
> > >
> > > # device classes
> > > <serialport>=/dev/ttyS[0-9]
> > > <paralellport>=/dev/parport[0-7]
> > >
> > > # permission definitions
> > > <console> 0600 <serialport> 0660 root.uucp
> > > <console> 0600 <paralellport> 0660 root.lp
> > >
> > > Does it seem right for you?
> > >
> > > How can I add/remove these lines via rpm (un)installation?
> >
> > With Perl, sed ...
>
> Hhmm, not really my cup of tea :-)
>
> > Personally, I don't like that third party package touch security files.
> > Put some instructions in README or INSTALL file and let the
> > administrator do his job :-)
>
> Problem is: is "administrator" reading README or INSTALL files provided by a
> rpm package?
>
Add a warning :
- /dev/ttyS? : Permission denied, more information in /usr/share/doc/<pkgname>-pkgversion>/README
> First, could you confirm that lines I want to put in the file are right?
>
Seems OK.
> I manually edit the file to try, logout, and try login but it fails.
Check if you _really_ have the console.
# cat /var/run/console/console.lock (for FC3t3).
I had some troubles with pam_console in fc3t2. Seems to work as expected
now (fc3t3).
The documentation :
$ man pam_console
When a user logs in at the console and __no other user is currently
logged in at the console__, pam_console.so will change permissions and
ownership of files as described in the file /etc/security/con-
sole.perms.
> I am unable to login as a normal user (bigs problems with X), only login as
> root.
>
????
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message num?riquement sign?e
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20041020/77c7f556/attachment.sig>
More information about the fedora-devel-list
mailing list