Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 39249 Details for
Bug 31877
Not using pam_console by default in Gentoo
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
proposed README.pam_console
README.pam_console (text/plain), 2.65 KB, created by
Gregorio Guidi (RETIRED)
on 2004-09-09 06:17:32 UTC
(
hide
)
Description:
proposed README.pam_console
Filename:
MIME Type:
Creator:
Gregorio Guidi (RETIRED)
Created:
2004-09-09 06:17:32 UTC
Size:
2.65 KB
patch
obsolete
>Introduction >============ > >pam_console is a module for PAM (Pluggable Authentication Modules) designed to >give users that log locally in a system ("owning the console" in technical >terms) priviledges that they would not otherwise have, and to take those >priviledges away when they are no longer logged in. > >When a user logs in at the console and no other user is currently logged in, >pam_console will change permissions and ownership of some of the device files, >to allow, for instance, access the audio devices, or to the cdrom drives. >Those permissions are read from a configuration file >(/etc/security/console.perms). > >To know more about pam_console, run 'man pam_console' and 'man console.perms'. > > >Gentoo and pam_console >====================== > >In a Gentoo system pam_console is disabled by default, and users are allowed >to access specific devices if they are member of particular groups (e.g. they >have to be members of the audio group to access audio devices). > >However, Gentoo gives you the possibility to enable pam_console, you just have >to follow these advices: > >1) In /etc/pam.d/system-auth, uncomment the following line: > > session optional /lib/security/pam_console.so > > Thus, pam_console will apply permissions from /etc/security/console.perms > when you log in. > >2) If you're using devfs, uncomment the following lines in /etc/devfsd.conf: > > REGISTER .* CFUNCTION /lib/security/pam_console_apply_devfsd.so\ > pam_console_apply_single $devpath > > In this way, permissions from /etc/security/console.perms will be applied > also to those devices that are created dynamically. > Moreover, you should comment out the following lines: > > #REGISTER .* COPY /lib/dev-state/$devname $devpath > #CHANGE .* COPY $devpath /lib/dev-state/$devname > #CREATE .* COPY $devpath /lib/dev-state/$devname > #DELETE .* CFUNCTION GLOBAL unlink /lib/dev-state/$devname > #RESTORE /lib/dev-state > > Restoring device permission from /lib/dev-state interferes with pam_console > and should be disabled. This means that you should change device attributes > in /etc/devfsd.conf and not manually using chmod/chown. > >3) If you're using udev, create a file in /etc/dev.d/default/ ending with > '.dev', for instance /etc/dev.d/default/pam_console.dev, containing the > following lines: > > #!/bin/sh > exec /sbin/pam_console_apply > > and make it executable: > > chmod +x /etc/dev.d/default/pam_console.dev > > In this way, pam_console will reevaluate permissions from > /etc/security/console.perms each time a device is dynamically created. > >4) Tweak /etc/security/console.perms to your own needs.
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=39249">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 31877
: 39249 |
62863
