Devices and permissions

Matias Féliciano feliciano.matias at free.fr
Wed Oct 20 15:21:10 UTC 2004 

Le mercredi 20 octobre 2004 à 16:46 +0200, Alain PORTAL a écrit :
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Le mercredi 20 Octobre 2004 14:16, Matias Féliciano a écrit :
> 
> > > So, using /etc/security/console.perms seems the best way.
> > > Here is my purposal:
> > >
> > > # device classes
> > > <serialport>=/dev/ttyS[0-9]
> > > <paralellport>=/dev/parport[0-7]
> > >
> > > # permission definitions
> > > <console>  0600 <serialport>      0660 root.uucp
> > > <console>  0600 <paralellport>    0660 root.lp
> > >
> > > Does it seem right for you?
> > >
> > > How can I add/remove these lines via rpm (un)installation?
> >
> > With Perl, sed ...
> 
> Hhmm, not really my cup of tea :-)
> 
> > Personally, I don't like that third party package touch security files.
> > Put some instructions in README or INSTALL file and let the
> > administrator do his job :-)
> 
> Problem is: is "administrator" reading README or INSTALL files provided by a 
> rpm package?
> 

Add a warning :
- /dev/ttyS? : Permission denied, more information in /usr/share/doc/<pkgname>-pkgversion>/README

> First, could you confirm that lines I want to put in the file are right?
> 

Seems OK.

> I manually edit the file to try, logout, and try login but it fails.

Check if you _really_ have the console.
# cat /var/run/console/console.lock  (for FC3t3).

I had some troubles with pam_console in fc3t2. Seems to work as expected
now (fc3t3).

The documentation :
$ man pam_console
       When a user logs in at the console  and  __no  other  user  is  currently
       logged  in  at  the console__, pam_console.so will change permissions and
       ownership  of  files  as  described  in  the  file   /etc/security/con-
       sole.perms. 

> I am unable to login as a normal user (bigs problems with X), only login as 
> root.
> 

????

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message num?riquement sign?e
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20041020/77c7f556/attachment.sig>

More information about the fedora-devel-list mailing list