[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: pam_console for debian



On Wed, Jul 24, 2002 at 06:41:15PM +0200, Andreas Metzler wrote:
> christophe barbé <christophe.barbe.ml@online.fr> wrote:
> > For gphoto2, I am working on integrating hotplug code to give the
> > permission to access the cam to the user in front of the computer.
> 
> > The RedHat package uses a script which reads the file 
> >   /var/{run,lock}/console.lock
> > which contains the user login. This file is created by pam_console.
> 
> > We don't have pam_console, so I am looking for an alternative.
> 
> Hello,
> Search the archives, /iirc/ there was a consensus that pam_console is
> a hack with bad security and that debian should not use it.

Ok. This sounds like a good reason.

> Do you see any major difference between accessing the camera or the
> local soundcard? We accept that all users in group sound can access

Yes. The difference is hotplug which allow to do fine stuff like setting
the permissions when the cam is plugged. If I am able to determine which
user is in front of the computer, I can give him and only him access to
the camera. 
If I am not able to find the user, there is no real point using a
hotplug script to set the permission.

> the soundcard, no matter whether they are login locally, can't you
> setup a new group and give the cam to this group?

That what was done until now (but not automatically).
Selective access to the cam seems to be a good thing, so it worths
digging around.

Christophe

>             cu andreas
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 

-- 
Christophe Barbé <christophe.barbe@ufies.org>
GnuPG FingerPrint: E0F6 FADF 2A5C F072 6AF8  F67A 8F45 2F1E D72C B41E

L'experience, c'est une connerie par jour mais jamais la même.

Attachment: pgpouBFaBDaDs.pgp
Description: PGP signature


Reply to: