dbn.lists at gmail.com
Tue Jul 4 08:55:39 PDT 2006
On 7/4/06, Randy McMurchy <randy at linuxfromscratch.org> wrote:
> Dan Nicholson wrote these words on 07/04/06 10:38 CST:
> > No, it installs another binary called pam_console_apply.
> Is this program run by the pam_console.so module, or directly from
> the command line? If not command line, it would be nice to put it
> in the /lib/security dir. What do you think?
It can be run from the command line, but mostly it is only ever
invoked by pam_console. I've never used it directly. Here's the
manpage description. It probably doesn't need to be in /sbin. Keep in
mind that in my setup (and Paldo's), the device permssion changing is
neutered. I.e., I don't supply pam_console with any devices to work
on. I have just enough configuration so that /var/run/console is
populated since this is all that hal/g-v-m/g-p-m check for.
pam_console_apply is a helper executable which sets or resets permis-
sions on device nodes.
If /var/run/console.lock exists, pam_console_apply will grant permis-
sions to the user listed therein. If the lock file does not exist,
permissions are reset according to defaults set in console.perms files,
normally configured to set permissions on devices so that root owns
When initializing its configuration it first parses the /etc/secu-
rity/console.perms file and then it searches for files ending with the
.perms suffix in the /etc/security/console.perms.d directory. These
files are parsed in the lexical order in "C" locale. Permission rules
are appended to a global list, console and device class definitions
override previous definitions of the same class.
> Great. Could you also mention *how* some packages such as HAL and
> GVM can use it? A brief mention that "users at the console blah,
> blah, blah; see the HAL/GVM (whatever is applicable) instructions
> for further information about using pam_console". Note the paren
> stuff isn't included, just a note to you.
Yeah. Nothing too detailed, but hopefully you'll get the gist of it.
More information about the blfs-dev