[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Devices and permissions

Hi Nils, thanks for your answer.

Le mercredi 20 Octobre 2004 11:32, Nils Philippsen a écrit :

> So is it a client or a server application?

Perhaps I need to tell more about this application: this is an IDE for the 
developpement of Microchip PIC based applications. This IDE also can program 
chip devices through serial or paralell ports programmers.
So, logged user need to access to the serial/paralell ports in RW mode.
We should consider that is a client application.

> If it's a client application, 
> all users who want to use it must have the permissions, either by
> belonging to a special group or /etc/security/console.perms trickeries.

Create a special group doesn't seem to me a good idea because if a new user is 
added after the package installation, he won't belong to the new group and 
administrator will need to add him manually.
I prefer a solution where all users can use the application by default.

So, using /etc/security/console.perms seems the best way.
Here is my purposal:

# device classes 

# permission definitions
<console>  0600 <serialport>      0660 root.uucp
<console>  0600 <paralellport>    0660 root.lp

Does it seem right for you?

How can I add/remove these lines via rpm (un)installation?

> If it's a server application, you could let it be run by e.g. the
> "myserverapp" user (with an exemplary uid/gid of 450 -- I don't know
> whom you should ask to get a fixed well known one assigned for FC) which
> would get added/removed like this in packages:
> %post
> # Don't fail if user/group already exist
> groupadd -g 450 myserverapp || :
> useradd -u 450 -g 450 -G uucp,lp myserverapp -d /usr/lib/myserverapp || :
> %postun
> if [ "$1" = "0" ]; then
>  userdel -r myserverapp || :
>  groupdel -r myserverapp || :
> fi

" || : " is the way to don't fail?


Alain PORTAL -- Service Commun de Microscopie Électronique
Université de Montpellier II -- Case Courrier 087
Place Eugène Bataillon -- 34095 Montpellier Cedex 05
Tél. : 04 67 14 37 35 -- Fax. : 04 67 14 37 37

NO WORD ATTACHMENTS: http://www.fsf.org/philosophy/no-word-attachments.fr.html

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]