[Hendrik Sattler]
> Does that work when not using pmount but only hal to mount devices? Can the
> other side of d-bus messages be aware of such group memberships?:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=377689
Thank you for the reference. It seem to me that this problem still
exist
Am Dienstag 17 Oktober 2006 13:50 schrieb Petter Reinholdtsen:
> By updating /etc/pam.d/common-auth and /etc/security/group.conf it is
> possible to add the logged in user to the grous needed (audio,
> floppy, cdrom, plugdev, video). In addition to getting access to
> the devices present d
[Gernot Salzer]
> what is the standard/canonical way of handling device permissions
> in Debian ("etch" in my case) on desktop PCs running a GUI?
As you probably found out from the replies so far, there is no
standard way. :(
Here are some notes I wrote for Debian Edu. You might find it useful.
Qua, 2006-10-11 às 23:17 +0200, Tim Dijkstra escreveu:
> One problem is that a user can launch a daemon that keeps the device file
> open before she logs out
> Also I was referring to how pam_group works, but I find this way of
> handling permissions even more broken than pam_group. For example,
>
On Wed, 11 Oct 2006, Roland Mas wrote:
> Sam Morris, 2006-10-11 13:40:08 +0200 :
>
> > I think HAL/PolicyTool/pam_foreground will eventually give us a
> > (slow?) solution to problems like this, but it's some way off at the
> > moment. Being able to add/revoke permissions with traditional
> > secu
On Wed, 11 Oct 2006 16:31:37 +0200
Gernot Salzer <[EMAIL PROTECTED]> wrote:
>
> > First, there is no safe way to revoke privileges from a user. If a user
> > gets access to a certain group he/she can arrange ways to keep it,
> > even after being logged out (make a suid binary for example).
>
> I
On Wednesday 11 October 2006 14:12 pm, Gernot Salzer wrote:
> Don't mechanisms like libpam_devperm grant exclusive access?
> On login the ownership of the devices is set to the console user,
> and only the owner is granted rwx-rights. On logout
> ownership/permissions of the device revert to the ol
Sam Morris, 2006-10-11 13:40:08 +0200 :
> I think HAL/PolicyTool/pam_foreground will eventually give us a
> (slow?) solution to problems like this, but it's some way off at the
> moment. Being able to add/revoke permissions with traditional
> security methods (i.e. group membership) requires kerne
> First, there is no safe way to revoke privileges from a user. If a user
> gets access to a certain group he/she can arrange ways to keep it,
> even after being logged out (make a suid binary for example).
I admit that I don't know much about the internals of Unix/Linux.
So, if upon login of us
On Wed, 11 Oct 2006 14:12:20 +0200
Gernot Salzer <[EMAIL PROTECTED]> wrote:
> Don't mechanisms like libpam_devperm grant exclusive access?
> On login the ownership of the devices is set to the console user,
> and only the owner is granted rwx-rights. On logout
> ownership/permissions of the devic
> > Having to add users to particular groups is not reasonable in a
> > desktop setting. There, one would like to have the current user
> > at the console (logged in via gdm or similar) to be the one with
> > exclusive rights on local devices (fixed ones like audio and video
> > as well as variable
On Wed, 11 Oct 2006 13:08:27 +0200, Gernot Salzer wrote:
> It seems that users have to be added to group "audio"
> in order to be able to access audio devices, group "video" to access
> video devices, "cdrom" to access cdrom, and so on. Or did I miss some
> setting during installation of etch?
>
Dear DDs & D-friends,
what is the standard/canonical way of handling device permissions
in Debian ("etch" in my case) on desktop PCs running a GUI?
It seems that users have to be added to group "audio"
in order to be able to access audio devices, group "video" to access
video devices, "cdrom" to
13 matches
Mail list logo
