Re: gdm/Gnome/KDE and device permissions
Sam Morris, 2006-10-11 13:40:08 +0200 :
> I think HAL/PolicyTool/pam_foreground will eventually give us a
> (slow?) solution to problems like this, but it's some way off at the
> moment. Being able to add/revoke permissions with traditional
> security methods (i.e. group membership) requires kernel
> modification AFAIK.
One could envision usage of POSIX ACLs. Very hackish, but some daemon
could add an ACL entry to various files in /dev when a user logs in,
or logs out, or time passes, or some device is plugged in, or
whatever. No need for special groups. Of course, maintenance would
probably be a nightmare, unless there's a way to share ACLs between
files that I'm not aware of.
Ace of clubs? Let's see that.
European Juggling Convention -- Carvin, France. http://ejc2004.org