On Wed, Oct 7, 2009 at 19:41, Frederic Crozat <fcrozat@xxxxxxxxxxxx> wrote: > Le mercredi 07 octobre 2009 à 18:41 +0200, Kay Sievers a écrit : >> On Wed, Oct 7, 2009 at 18:40, Frederic Crozat <fcrozat@xxxxxxxxxxxx> wrote: >> > Le mercredi 29 juillet 2009 à 13:41 +0200, Frederic Crozat a écrit : >> >> Hi all, >> >> >> >> we just switched Mandriva cooker permissions on device from pam_console >> >> + HAL ACL to udev ACL. >> >> >> >> And now, we are starting to discover some regressions ;) >> >> >> >> Before the switch /dev/ttyACM* was given console privilege, allowing >> >> usage of programs like gammu (and its derivative) to access phones >> >> through their modem interface. >> >> >> >> With the switch, it is not possible anymore and I'm not sure which path >> >> is better (if we can find one which is cross-distro) : >> >> - add users to dialout group : can't be done while users is logged, >> >> doesn't handle upgrade, hard to find for users >> >> - setgid programs like gammu for dialout : no action for users needed >> >> but any user (even without console privilege) will gain access to those >> >> devices >> >> - ACL on ttyACM* : no action for users needed, give the same kind of >> >> access control as pam_console was giving. On the other hand, any >> >> "console" user will be able to dialout the device. >> >> >> >> Opinions ? >> > >> > No opinions ? >> >> I don't think we want random software to be able to dial out. > > So, you are suggesting the setgid approach ? No, use NetworkManager or similar which can handle that with PolicyKit, or for system services put them into the group "dialout" if that is what people want. Kay -- To unsubscribe from this list: send the line "unsubscribe linux-hotplug" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
