Le mercredi 07 octobre 2009 à 18:41 +0200, Kay Sievers a écrit : > On Wed, Oct 7, 2009 at 18:40, Frederic Crozat <fcrozat@xxxxxxxxxxxx> wrote: > > Le mercredi 29 juillet 2009 à 13:41 +0200, Frederic Crozat a écrit : > >> Hi all, > >> > >> we just switched Mandriva cooker permissions on device from pam_console > >> + HAL ACL to udev ACL. > >> > >> And now, we are starting to discover some regressions ;) > >> > >> Before the switch /dev/ttyACM* was given console privilege, allowing > >> usage of programs like gammu (and its derivative) to access phones > >> through their modem interface. > >> > >> With the switch, it is not possible anymore and I'm not sure which path > >> is better (if we can find one which is cross-distro) : > >> - add users to dialout group : can't be done while users is logged, > >> doesn't handle upgrade, hard to find for users > >> - setgid programs like gammu for dialout : no action for users needed > >> but any user (even without console privilege) will gain access to those > >> devices > >> - ACL on ttyACM* : no action for users needed, give the same kind of > >> access control as pam_console was giving. On the other hand, any > >> "console" user will be able to dialout the device. > >> > >> Opinions ? > > > > No opinions ? > > I don't think we want random software to be able to dial out. So, you are suggesting the setgid approach ? -- Frederic Crozat <fcrozat@xxxxxxxxxxxx> Mandriva -- To unsubscribe from this list: send the line "unsubscribe linux-hotplug" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
