On Wed, Jul 24, 2002 at 11:58:27PM +0200, Bas Zoetekouw wrote: > Hi Sebastien! > > You wrote: > > > One solution is to use pam_group to add a user to a special, and > > ususaly empty, group if he's loggued on the :0 display. > > That makes no sense. User logs in behind the console, and is put in the > group. User makes a g+s zsh-with-camera-access binary and puts it in > ~/bin. After that, he'll always have access to the camera. I got your point, which is if I understand correctly is that we can't grant to a user a membership to a group in a temporary basis. If he is smart enough, he can do what necessary to stay (illegallly) in the group. > With other words: pam_console is only for clueless admins and Redhat > users. But the whole point of pam_console is to know which user is in front of the computer so we can give access to him and only him. Is there a flaw here ? Christophe -- Christophe Barbé <christophe.barbe@ufies.org> GnuPG FingerPrint: E0F6 FADF 2A5C F072 6AF8 F67A 8F45 2F1E D72C B41E Dogs come when they're called; cats take a message and get back to you later. --Mary Bly
Attachment:
pgpP5Eb_lQTmY.pgp
Description: PGP signature