I wonder if this is something that simply never got implemented, or if there's some specific reason this should not be done. I can't think of any, myself.
I'm packaging up MythTV. After pondering for a while how I was going to do that, I chose to run all myth stuff under a reserved system account. But now, when I log in from the console, pam_console gives me the ownership of all <v4l> and <sound>, mode 0600. Since the mythtv stuff is always running in the background, under its own separate userid, and it needs access to <v4l> and <sound> devices, this obviously becomes a problem.
My only option, at the moment, is to install a file in /etc/security/console.perms.d that overrides the <v4l> and <sound> entries, and makes all of these devices mode 0666. I don't like this, but I can't think of anything better. I think it's better to set these device files's userid to the console login account's userid, and a group id to the mythtv groupid, with mode 0660, but, right now, this is just not possible.
Attachment:
pgpHLLJWLotcb.pgp
Description: PGP signature
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
