pam_console versus console nsswitch group?
Matthew Mastracci
matt at aclaro.com
Tue Mar 23 23:39:21 UTC 2004
After having some issues with pam_console applying permissions to some
nvidia* files, I was wondering - would it be better to assign these
devices a group of "console" and use nsswitch to dynamically assign
console users?
I've had to reset the permissions of the device to 777, owner root and
disable the entry in console.perms, but that does allow non-local users
access to these devices.
An nsswitch module could just enumerate the entries in
/var/run/console/* and return them as part of the console group. These
users should then have access to the given console device.
Thoughts?
Matt.
More information about the Pam-list
mailing list