also sprach Derek Martin <code@pizzashack.org> [2006.06.22.2256 +0200]:
> Red Hat has a nice PAM library that lets people access, say, the sound
nice. right.
> devices when they log in on the console. Thus anyone who logs in
> automatically has access to the sound devices. However, this facility
> appears to be lacking in Sarge.
by choice, yes.
http://lists.debian.org/debian-devel/2001/06/msg00944.html
check out pam_group and /etc/security/group.conf for another
approach, which is not secure (read comments), but a little better.
> Except that Debian seems to have some mechanism which, at boot
> time, resets the group ownership of /dev files.
You are probably using udev which creates them after boot.
dpkg -l udev
> Anyone know how I can make this stop? Or alternately, know a
> different way to solve this which I have not already discussed?
You could help with modularisation of makedev, which will allow you
to specify policies for device files.
> FWIW, as a long-time system administrator of Unix systems in
> a wide variety of environments, I consider this behavior highly
> undesireable, and would like to suggest to any developers
> listening that they consider changing that behavior.
dpkg -P udev
you get what you ask for. Now if you're not using devfs but a plain
/dev, you should be fine.
df /dev | grep -q '/$' && echo now everything should be okay \
|| echo got work to do
--
Please do not send copies of list mail to me; I read the list!
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer and author: http://debiansystem.info
`. `'`
`- Debian - when you have better things to do than fixing a system
"moderation is a fatal thing. enough is as bad as a meal. more than
enough is as good as a feast."
-- oscar wilde
Attachment:
signature.asc
Description: Digital signature (GPG/PGP)