Creating a jackuser group
Anthony Green
green at redhat.com
Mon Feb 19 16:30:15 UTC 2007
On Thu, 2007-02-15 at 22:18 +0100, Davide Bolcioni wrote:
> Well, if I understand this correctly, could the above be obtained using
> consolehelper(8) and creating /etc/pam.d/qjackctl, which would have
>
> session required pam_limits.so conf=/etc/security/qjackctl.conf
>
> where qjackctl.conf would have
>
> * - memlock 131072
> * . rtprio <don't know what to put here>
>
> or am I missing something ? No groups to create, and files which RPM can add
> in directories which are likely to just be there.
Thanks for this suggestion. It forced me to learn a little about PAM.
As I understand it, this would give RT privs to any user who runs
qjackctl. One thing that wasn't clear to me is what constitutes a
"session". If they run qjackctl, do the limit changes affect anything
the user does from that point on? Or is it limited to the qjackctl
process and whatever it runs.
This is pretty neat, but I think one of our goals was to require admin
privs to grant RT privs to users because of the inherent dangers of
handing them out to everybody. Is this not really a worthwhile goal?
AG
More information about the fedora-devel-list
mailing list