
pam_console - no way to specify a gid?



After looking at pam_console's documentation, and peeking at the source code, it looks like there's no way to set a device's groupid to anything other than the console login account's primary groupid. The only time a device's groupid gets set is when all permissions get reset, after a logout.

I wonder if this is something that simply never got implemented, or if there's some specific reason this should not be done. I can't think of any, myself.

I'm packaging up MythTV. After pondering for a while how I was going to do that, I chose to run all myth stuff under a reserved system account. But now, when I log in from the console, pam_console gives me the ownership of all <v4l> and <sound>, mode 0600. Since the mythtv stuff is always running in the background, under its own separate userid, and it needs access to <v4l> and <sound> devices, this obviously becomes a problem.

My only option, at the moment, is to install a file in /etc/security/console.perms.d that overrides the <v4l> and <sound> entries, and makes all of these devices mode 0666. I don't like this, but I can't think of anything better. I think it's better to set these device files' userid to the console login account's userid, and a group id to the mythtv groupid, with mode 0660, but, right now, this is just not possible.


_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
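
An added example, not part of the original post: a small audit for the workaround described above, reporting console.perms permission lines whose login or revert mode grants access to users outside the owner and group. The sample entries, the assumed line layout (`<console> MODE <class> REVERT_MODE OWNER[.GROUP]`) and the `*.perms` file suffix are assumptions made for illustration.

```python
import glob
import re

# Constructed sample in console.perms syntax (not taken from the post).
# Assumed layout of a permission line:
#   <console> MODE <class-or-glob> REVERT_MODE REVERT_OWNER[.GROUP]
SAMPLE = """\
<sound>=/dev/dsp* /dev/audio* /dev/mixer*
<v4l>=/dev/video* /dev/radio*
# stock-style entry: device is private to the console user
<console> 0600 <sound> 0600 root
# override of the kind described above: readable and writable by everyone
<console> 0666 <v4l> 0666 root
"""

PERM_LINE = re.compile(
    r"^<(?P<who>[^>]+)>\s+(?P<mode>[0-7]{3,4})\s+(?P<dev>\S+)"
    r"\s+(?P<rmode>[0-7]{3,4})\s+(?P<rowner>\S+)$"
)

def audit(text):
    """Return (line, device, which_mode, mode) for modes with 'other' bits set."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        m = PERM_LINE.match(line)
        if not m:
            continue  # blank line, comment, or <class>=... definition
        for label, field in (("login", "mode"), ("revert", "rmode")):
            mode = int(m.group(field), 8)
            if mode & 0o007:  # any access for users outside owner and group
                findings.append((lineno, m.group("dev"), label, format(mode, "04o")))
    return findings

def audit_dir(pattern="/etc/security/console.perms.d/*.perms"):
    """Audit every drop-in file matching pattern (suffix is an assumption)."""
    results = {}
    for path in sorted(glob.glob(pattern)):
        with open(path, encoding="utf-8", errors="replace") as fh:
            found = audit(fh.read())
        if found:
            results[path] = found
    return results

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d: %s %s mode %s grants access to all users" % finding)
```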
