Re: ITP or RFP pam-redhat or request to merge pam-redhat in pam

To: debian-devel@lists.debian.org
Subject: Re: ITP or RFP pam-redhat or request to merge pam-redhat in pam
From: Cosimo Alfarano <kalfa@debian.org>
Date: Mon, 4 Nov 2002 22:49:59 +0100
Message-id: <[🔎] 20021104214958.GA2916@answer.42.it>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 87d6plmaif.wl@etrange.ukai.org>
References: <[🔎] 87d6plmaif.wl@etrange.ukai.org>

On Tue, Nov 05, 2002 at 03:54:00AM +0900, Fumitoshi UKAI wrote:
> w3m-img, there are two ways for now. One is setuid, and the other is
> change permission of /dev/fb0.

why not using /etc/security/group.conf instead?

with something like

*;tty*&!ttyp*;*;Al0000-2400;cdrom,video,audio,floppy,fb,...

enable module in pam.d/<whatever> and creating group fb for
framebuffer.

it adds current console user to groups listed above and
remote users (for example) won't be able to read /dev/fb*

IMHO it's a cleaner way to use devices with particular permission, and
might be applied by default in pam (I don't know if the syntax of
example is correct..., but in general it is feasible).

	cosimo.
-- 
Cosimo Alfarano <alfarano at cs.unibo.it>
0DBD 8FCC 4F6B 8D41 8F43  63A1 E43B 153C CB46 7E27
buckle your seat bealt Dorothy... because Kansas... is going bye-bye

Reply to:

Follow-Ups:
- Re: ITP or RFP pam-redhat or request to merge pam-redhat in pam
  - From: Guillem Jover <guillem.jover@menta.net>

References:
- ITP or RFP pam-redhat or request to merge pam-redhat in pam
  - From: Fumitoshi UKAI <ukai@debian.or.jp>

Prev by Date: Re: Debian versioning scheme (r1 vs .1)
Next by Date: Re: Debian versioning scheme (r1 vs .1)
Previous by thread: Re: ITP or RFP pam-redhat or request to merge pam-redhat in pam
Next by thread: Re: ITP or RFP pam-redhat or request to merge pam-redhat in pam
Index(es):
- Date
- Thread