On Mon, 3 Sep 2001, Richard Gooch wrote:
> Roberto Jung Drebes writes:
> > Any plans to include support for pam_console (and
> > /var/lock/console*, /etc/security/console*) in devfs, so that when a
> > module was loaded (and consequently would register the devices at
> > the device fs, it would chown it to the owner of the console as RH
> > already does to the static devices?
>
> Let me get this straight: you want to set the ownership of some new
> device nodes created by a module, and that ownership is determined by
> who owns the console?
Exacltly.
> You don't need to hack devfs to do this. All you need to do is
> configure devfsd appropriately.
How do I do that? Should I add a REGISTER line for every device that will
look the device name in a configuration file (like console.perms) and
chown it acordingly?
> > I understand this is not a perfect solution, but I believe it is a
> > simple one. It would be even better if devfs supported ACLs and when
> > the modules registered the devices, a ACL would be added allowing
> > device access to the console owner to the device.
>
> This didn't parse well. You mean you want an ACL on the device which
> gives the console owner device rights?
Yes. I think it would be better to just add an ACL with permissions to
that user when he logs in and remove it when he logs out than really
changing the ownership of the device (as it' s done currently on RH).
> > Any plans of implementing POSIX ACLs in devfs? How would it be done?
> > the ACL commands would be passed to devfsd that then would take
> > proper action?
>
> Not at this stage. I'm waiting to see if we can get a ACL
> implementation accepted into the kernel. I don't want something
> devfs-specific.
The XFS and ext2 ACL people are trying to agree in a library call
interface. Wouldn't POSIX ACLs not be devfs-specific?
--
Roberto Jung Drebes <drebes@xxxxxxxxxxxx>
Porto Alegre, RS - Brasil
http://www.inf.ufrgs.br/~drebes/
|