[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: pam_console for debian

On Fri, Jul 26, 2002 at 09:59:10AM +1000, Brian May wrote:
> On Wed, Jul 24, 2002 at 08:28:22PM -0400, christophe barb? wrote:
> > Because you give access to a group of persons instead of to only the
> > owner of the camera.
> 
> While this is really a local policy decision...
> 
> In my setup, I want to allow anybody who can plug the camera in (ie
> local console access) access to the camera that they just plugged in.
> 
> Allowing somebody to plug the camera in, but not allowed to access it,
> is just plain weird.
> 
> Allowing remote users to spy on me via a camera I accidently left
> plugged in is just plan stupid.
> 
> Not that you can totally solve this with standard Unix permissions, but
> other stuff might be able to help (eg. maybe SE-Linux; requires further
> work).

Is there something wrong the the method of just chowning the device to
match the currently logged in user?  It does still leave a few quirks,
like being able to keep the device open after logging out (nohup'd process
or similar), and needs a little thought to cover the 'right' answer for
multiple users logged in on virtual consoles.

Jon Leonard


-- 
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: