[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

gdm/Gnome/KDE and device permissions

Dear DDs & D-friends,

what is the standard/canonical way of handling device permissions
in Debian ("etch" in my case) on desktop PCs running a GUI?

It seems that users have to be added to group "audio"
in order to be able to access audio devices, group "video" to access
video devices, "cdrom" to access cdrom, and so on. Or did I miss some
setting during installation of etch?

Having to add users to particular groups is not reasonable in a
desktop setting. There, one would like to have the current user
at the console (logged in via gdm or similar) to be the one with
exclusive rights on local devices (fixed ones like audio and video
as well as variable ones like external usb devices).

Part of the problem can be solved by using libpam-permdev:
it handles well fixed builtin devices like audio, video, cdrom,
but fails with dynamic devices like usb sticks (the pam module
is only active during login and therefore misses dynamic devices
plugged in during the session).
Moreover, since the module is not installed automatically with gdm,
it doesn't seem to be the intended solution.

For dynamic devices I haven't found a solution yet. Autodetection
and automounting of e.g. usb sticks works with gnome, if there are
entries in /etc/fstab. However, such entries are not reasonable
since one doesn't know in advance which devices are plugged in
in which order. I found some hints on the web how to use udev
hooks and events, but I suppose there are already ready-to-use
solutions somewhere hidden in Debian.

I'd appreciate any hints. Thanks in advance, and thanks for reading
this far,

Reply to: