Gnome Screensaver

Dan Nicholson dbn.lists at
Tue Jul 4 08:55:39 PDT 2006

On 7/4/06, Randy McMurchy <randy at> wrote:
> Dan Nicholson wrote these words on 07/04/06 10:38 CST:
> > No, it installs another binary called pam_console_apply.
> Is this program run by the module, or directly from
> the command line? If not command line, it would be nice to put it
> in the /lib/security dir. What do you think?

It can be run from the command line, but mostly it is only ever
invoked by pam_console. I've never used it directly. Here's the
manpage description. It probably doesn't need to be in /sbin. Keep in
mind that in my setup (and Paldo's), the device permssion changing is
neutered. I.e., I don't supply pam_console with any devices to work
on. I have just enough configuration so that /var/run/console is
populated since this is all that hal/g-v-m/g-p-m check for.

       pam_console_apply  is  a helper executable which sets or resets permis-
       sions on device nodes.
       If /var/run/console.lock exists, pam_console_apply will  grant  permis-
       sions  to  the  user  listed therein.  If the lock file does not exist,
       permissions are reset according to defaults set in console.perms files,
       normally  configured  to  set  permissions on devices so that root owns

       When initializing its configuration  it  first  parses  the  /etc/secu-
       rity/console.perms  file and then it searches for files ending with the
       .perms suffix in  the  /etc/security/console.perms.d  directory.  These
       files  are parsed in the lexical order in "C" locale.  Permission rules
       are appended to a global list, console  and  device  class  definitions
       override previous definitions of the same class.

> Great. Could you also mention *how* some packages such as HAL and
> GVM can use it? A brief mention that "users at the console blah,
> blah, blah; see the HAL/GVM (whatever is applicable) instructions
> for further information about using pam_console". Note the paren
> stuff isn't included, just a note to you.

Yeah. Nothing too detailed, but hopefully you'll get the gist of it.


More information about the blfs-dev mailing list