Once upon a time, Bill Nottingham <notting@xxxxxxxxxx> said:
> Chris Adams (cmadams@xxxxxxxxxx) said:
> > I am slow on the up-take here, but how do I use the "HAL-based ACL
> > support" to replace pam_console? For example, on a system with serial
> > ports used for accessing other consoles, I have a 10-serial.perms like:
> >
> > ########################################################################
> > <serial>=/dev/ttyS[0-9]* /dev/ttyUSB[0-9]*
> >
> > <console> 0660 <serial> 0660 root.uucp
> > ########################################################################
> >
> > How do I replace that?
>
> See /usr/share/hal/fdi/policy/10osvendor/00-thinkfinger.fdi for an
> example of something that does access control. What does lshal
> have for your serial devices?

One is old-style serial and one is USB:

#########################################################################
udi = '/org/freedesktop/Hal/devices/pnp_PNP0501_0_serial_platform_1'
  info.capabilities = {'serial'} (string list)
  info.category = 'serial' (string)
  info.parent = '/org/freedesktop/Hal/devices/pnp_PNP0501_0' (string)
  info.product = '16550A-compatible COM port' (string)
  info.udi = '/org/freedesktop/Hal/devices/pnp_PNP0501_0_serial_platform_1' (string)
  linux.device_file = '/dev/ttyS1' (string)
  linux.hotplug_type = 2 (0x2) (int)
  linux.subsystem = 'tty' (string)
  linux.sysfs_path = '/sys/class/tty/ttyS1' (string)
  serial.device = '/dev/ttyS1' (string)
  serial.originating_device = '/org/freedesktop/Hal/devices/pnp_PNP0501_0' (string)
  serial.physical_device = '/org/freedesktop/Hal/devices/pnp_PNP0501_0' (string)
  serial.port = 1 (0x1) (int)
  serial.type = 'platform' (string)

udi = '/org/freedesktop/Hal/devices/usb_device_50d_109_862270_if0_serial_usb_0'
  info.capabilities = {'serial'} (string list)
  info.category = 'serial' (string)
  info.parent = '/org/freedesktop/Hal/devices/usb_device_50d_109_862270_if0' (string)
  info.product = 'F5U109/F5U409 PDA Adapter' (string)
  info.udi = '/org/freedesktop/Hal/devices/usb_device_50d_109_862270_if0_serial_usb_0' (string)
  linux.device_file = '/dev/ttyUSB0' (string)
  linux.hotplug_type = 2 (0x2) (int)
  linux.subsystem = 'tty' (string)
  linux.sysfs_path = '/sys/class/tty/ttyUSB0' (string)
  serial.device = '/dev/ttyUSB0' (string)
  serial.originating_device = '/org/freedesktop/Hal/devices/usb_device_50d_109_862270_if0' (string)
  serial.physical_device = '/org/freedesktop/Hal/devices/usb_device_50d_109_862270_if0' (string)
  serial.port = 0 (0x0) (int)
  serial.type = 'usb' (string)
#########################################################################

If I just wanted all serial ports assigned (like in my pam_console bit
above), I guess something like this would work?

#########################################################################
<?xml version="1.0" encoding="UTF-8"?>
<deviceinfo version="0.2">
  <device>
    <match key="serial.port" exists="true">
      <append key="info.capabilities" type="strlist">access_control</append>
      <merge key="access_control.file" type="copy_property">linux.device_file</merge>
      <merge key="access_control.type" type="string">serial</merge>
    </match>
  </device>
</deviceinfo>
#########################################################################

I have another system where I have multiple USB-to-RS232 adapters; one
is used for outbound terminal sessions (console user gets access) and
one for a modem (no console access). I differentiate between the two
with a udev rule that adds a symlink (e.g. "term" and "modem") and then
set the permissions with a pam_console match on the symlink. Is it
possible to match something set from udev like that (so I don't have two
places to keep track of hardware serial numbers and such for matching)?

-- 
Chris Adams <cmadams@xxxxxxxxxx>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
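
Added example, not part of the original message and not HAL's own code: a small Python model of the match, append and merge directives in the FDI rule quoted above, run against a trimmed copy of the quoted lshal output to list which device files the rule would tag for access control. The evaluator's semantics are a simplified assumption (flat "exists" matches only), and parse_lshal, apply_fdi and controlled_files are hypothetical helper names.

```python
import re
import xml.etree.ElementTree as ET
# Inputs: a trimmed subset of the lshal output and the FDI rule from the message.
LSHAL = """
udi = '/org/freedesktop/Hal/devices/pnp_PNP0501_0_serial_platform_1'
  info.capabilities = {'serial'} (string list)
  linux.device_file = '/dev/ttyS1'  (string)
  serial.port = 1  (0x1)  (int)
udi = '/org/freedesktop/Hal/devices/usb_device_50d_109_862270_if0_serial_usb_0'
  info.capabilities = {'serial'} (string list)
  linux.device_file = '/dev/ttyUSB0'  (string)
  serial.port = 0  (0x0)  (int)
"""
FDI = """<deviceinfo version="0.2"><device><match key="serial.port" exists="true">
  <append key="info.capabilities" type="strlist">access_control</append>
  <merge key="access_control.file" type="copy_property">linux.device_file</merge>
  <merge key="access_control.type" type="string">serial</merge>
</match></device></deviceinfo>"""

def parse_lshal(text):
    """Return {udi: {key: value}}; string lists become lists, the rest stay str."""
    devices, cur = {}, None
    for line in text.splitlines():
        key, sep, raw = line.strip().partition(" = ")
        if key == "udi":
            cur = devices.setdefault(raw.strip("'"), {})
        elif raw.startswith("{"):
            cur[key] = re.findall(r"'([^']*)'", raw)
        elif sep:
            cur[key] = raw.split("  (")[0].strip("'")  # drop the "(type)" suffix
    return devices

def apply_fdi(fdi_xml, props):
    """Simplified model (assumption): flat <match exists=...>, append and merge only."""
    out = {k: list(v) if isinstance(v, list) else v for k, v in props.items()}
    for match in ET.fromstring(fdi_xml).iter("match"):
        if (match.get("key") in props) == (match.get("exists") == "true"):
            for d in match:
                if d.tag == "append":
                    out.setdefault(d.get("key"), []).append(d.text)
                elif d.get("type") == "copy_property":
                    out[d.get("key")] = props.get(d.text)
                elif d.tag == "merge":
                    out[d.get("key")] = d.text
    return out

def controlled_files(lshal_text, fdi_xml):
    """Map device file -> access_control.type for every device the rule tags."""
    tagged = (apply_fdi(fdi_xml, p) for p in parse_lshal(lshal_text).values())
    return {d["access_control.file"]: d["access_control.type"]
            for d in tagged if "access_control" in d.get("info.capabilities", [])}
```

Under this model both /dev/ttyS1 and /dev/ttyUSB0 come back tagged, so a rule keyed only on serial.port treats every serial adapter the same way.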