[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: gdm/Gnome/KDE and device permissions

On Wed, 11 Oct 2006, Roland Mas wrote:
> Sam Morris, 2006-10-11 13:40:08 +0200 :
> 
> > I think HAL/PolicyTool/pam_foreground will eventually give us a
> > (slow?) solution to problems like this, but it's some way off at the
> > moment. Being able to add/revoke permissions with traditional
> > security methods (i.e. group membership) requires kernel
> > modification AFAIK.
> 
> One could envision usage of POSIX ACLs.  Very hackish, but some daemon
> could add an ACL entry to various files in /dev when a user logs in,
> or logs out, or time passes, or some device is plugged in, or
> whatever.  No need for special groups.  Of course, maintenance would
> probably be a nightmare, unless there's a way to share ACLs between
> files that I'm not aware of.

/dev is a tmpfs and that filesystem supports ACL only in very recent
kernel. IIRC it has been introduced in the (upcoming) 2.6.19.

Cheers,
-- 
Raphaël Hertzog

Premier livre français sur Debian GNU/Linux :
http://www.ouaza.com/livre/admin-debian/
Reply to: