Re: [RFC Fedora 10] kill pam_console

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Chris Adams (cmadams@xxxxxxxxxx) said: 
> If I just wanted all serial ports assigned (like in my pam_console bit
> above), I guess something like this would work?
> 
> #########################################################################
> <?xml version="1.0" encoding="UTF-8"?>
> <deviceinfo version="0.2">
>   <device>
>     <match key="serial.port" exists="true">
>       <append key="info.capabilities" type="strlist">access_control</append>
>       <merge key="access_control.file" type="copy_property">linux.device_file</merge>
>       <merge key="access_control.type" type="string">serial</merge>
>     </match>
>   </device>
> </deviceinfo>
> #########################################################################

Something along those lines, yes.

> I have another system where I have multiple USB-to-RS232 adapters; one
> is used for outbound terminal sessions (console user gets access) and
> one for a modem (no console access).  I differentiate between the two
> with a udev rule that adds a symlink (e.g. "term" and "modem") and then
> set the permissions with a pam_console match on the symlink.  Is it
> possible to match something set from udev like that (so I don't have two
> places to keep track of hardare serial numbers and such for matching)?

This is a two-stage process. For examples see:

 /usr/share/hal/fdi/information/10freedesktop/10-usb-pda.fdi

followed by:

 /usr/share/hal/fdi/policy/10osvendor/20-acl-management.fdi

The first looks at varying information in HAL (such as the driver
being the ipaq driver, the USB vendor/product ids, and then adds
the 'pda' capability to the device. The second file then adds ACL
management to any device with 'pda' capabilities.

So, you'd want to use whatever criteria you're using in udev to
set a capability on the device, and then add the stanza to only
apply ACLs to devices with that capability. (Depending on the
criteria you're using in udev, you might be able to craft the
match without adding a property.)

Bill

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux