Le mercredi 07 octobre 2009 à 19:51 +0200, Kay Sievers a écrit : > On Wed, Oct 7, 2009 at 19:41, Frederic Crozat <fcrozat@xxxxxxxxxxxx> wrote: > > Le mercredi 07 octobre 2009 à 18:41 +0200, Kay Sievers a écrit : > >> On Wed, Oct 7, 2009 at 18:40, Frederic Crozat <fcrozat@xxxxxxxxxxxx> wrote: > >> > Le mercredi 29 juillet 2009 à 13:41 +0200, Frederic Crozat a écrit : > >> >> Hi all, > >> >> > >> >> we just switched Mandriva cooker permissions on device from pam_console > >> >> + HAL ACL to udev ACL. > >> >> > >> >> And now, we are starting to discover some regressions ;) > >> >> > >> >> Before the switch /dev/ttyACM* was given console privilege, allowing > >> >> usage of programs like gammu (and its derivative) to access phones > >> >> through their modem interface. > >> >> > >> >> With the switch, it is not possible anymore and I'm not sure which path > >> >> is better (if we can find one which is cross-distro) : > >> >> - add users to dialout group : can't be done while users is logged, > >> >> doesn't handle upgrade, hard to find for users > >> >> - setgid programs like gammu for dialout : no action for users needed > >> >> but any user (even without console privilege) will gain access to those > >> >> devices > >> >> - ACL on ttyACM* : no action for users needed, give the same kind of > >> >> access control as pam_console was giving. On the other hand, any > >> >> "console" user will be able to dialout the device. > >> >> > >> >> Opinions ? > >> > > >> > No opinions ? > >> > >> I don't think we want random software to be able to dial out. > > > > So, you are suggesting the setgid approach ? > > No, use NetworkManager or similar which can handle that with > PolicyKit, or for system services put them into the group "dialout" if > that is what people want. I guess I shouldn't have said "modem", because it implied "NetworkManager" (which we don't use anyway) instead of controlling some features of those phones, like accessing addressbook, retrieving SMS, etc.. And since I'm not a "gammu" hacker (or user) of any sort, I guess we will revert to our previous perms of those devices for now. PS : no need to cc me, I'm subscribed to the list. -- Frederic Crozat <fcrozat@xxxxxxxxxxxx> Mandriva -- To unsubscribe from this list: send the line "unsubscribe linux-hotplug" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
