On Friday 16 January 2009, Bill Nottingham wrote: > I think it's time to retire pam_console from the default configuration. [...] > em8300: /etc/security/console.perms.d/60-em8300.perms (heffer) > vdr: /etc/security/console.perms.d/95-vdr.perms (scop) [...] > I'd be willing to chip in to get these fixed, it shouldn't be that hard. Thanks in advance. I'm pretty clueless wrt hal/consolekit but do know how vdr (which I maintain and use all the time) and em8300 (which I used to maintain and do still use all the time with vdr) should work. So here goes an explanation - if you can help out with these, maybe it'll serve as a good education session for myself and others here: em8300 is a hardware MPEG decoder. Locally logged in users should be able to use it - I guess the same use cases as for DVB cards apply to it. vdr is a daemon providing PVR functionality. It is run as a service, with a dedicated unprivileged system user account, needs to be able to use at least DVB devices without interference even if people log in locally to the box and log out, and also after boot without anyone logging in. Depending on the configuration and available plugins, it should also have similar access to the em8300 devices, serial ports, input/event devices and optical drives, possibly other devices as well. Ditto the other way around - the configuration shouldn't prevent locally logged in users from using these devices (obviously in case they're not in use by vdr but I suppose that's off topic). Both em8300 and vdr currently use the "video" group, udev rules and a console.perms.d snippet to get the desired behavior. IIRC the only purpose of the console.perms.d snippet in both was to prevent pam_console from fiddling with the device permissions so that vdr could no longer use them when people logged in/out and/or to prevent pam_console from overriding the permissions set in udev rules by duplicating the rules in the console.perms.d snippet. (Oh, BTW, looks like the vdr one still contains some event/input references that should have been moved to the vdr-remote package which is a plugin through which vdr may use those devices.) So... where do we start? -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list