pam_console - no way to specify a gid?

Sam Varshavchik mrsam at courier-mta.com
Mon Apr 24 00:29:05 UTC 2006


After looking at pam_console's documentation, and peeking at the source 
code, it looks like there's no way to set a device's groupid to anything 
other than the console login account's primary groupid.  The only time a 
device's groupid gets set is when all permissions get reset, after a logout.

I wonder if this is something that simply never got implemented, or if 
there's some specific reason this should not be done.  I can't think of any, 
myself.

I'm packaging up MythTV.  After pondering for a while how I was going to do 
that, I chose to run all myth stuff under a reserved system account. But 
now, when I log in from the console, pam_console gives me the ownership of 
all <v4l> and <sound>, mode 0600.  Since the mythtv stuff is always running 
in the background, under its own separate userid, and it needs access to 
<v4l> and <sound> devices, this obviously becomes a problem.

My only option, at the moment, is to install a file in 
/etc/security/console.perms.d that overrides the <v4l> and <sound> entries, 
and makes all of these devices mode 0666.  I don't like this, but I can't 
think of anything better.  I think it's better to set these device files' 
userid to the console login account's userid, and a group id to the mythtv 
groupid, with mode 0660, but, right now, this is just not possible.
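
The following is an added example, not part of the original post and not pam_console code. It evaluates the standard Unix owner/group/other permission check for the three ownership and mode combinations the message discusses, to show which accounts can open a device read-write under each. The account names, uids and gids are constructed for illustration.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    name: str
    uid: int
    gids: frozenset  # primary plus supplementary group ids

@dataclass(frozen=True)
class DeviceNode:
    uid: int
    gid: int
    mode: int

def can_open_rw(acct, dev):
    """Unix DAC check for a non-root account: the first matching class
    (owner, then group, then other) decides; later classes are not consulted."""
    if acct.uid == dev.uid:
        need = stat.S_IRUSR | stat.S_IWUSR
    elif dev.gid in acct.gids:
        need = stat.S_IRGRP | stat.S_IWGRP
    else:
        need = stat.S_IROTH | stat.S_IWOTH
    return dev.mode & need == need

# Constructed accounts (ids are assumptions, not taken from the post).
CONSOLE = Account("console-user", 500, frozenset({500}))
MYTHTV = Account("mythtv", 101, frozenset({101}))
OTHER = Account("other-local-user", 501, frozenset({501}))

# The three states described in the message, for one <v4l> or <sound> node.
POLICIES = {
    "default": DeviceNode(uid=500, gid=500, mode=0o600),     # console user, 0600
    "workaround": DeviceNode(uid=500, gid=500, mode=0o666),  # override to 0666
    "desired": DeviceNode(uid=500, gid=101, mode=0o660),     # group mythtv, 0660
}

def access_matrix():
    """Map each policy to {account name: read-write access allowed?}."""
    return {label: {a.name: can_open_rw(a, dev) for a in (CONSOLE, MYTHTV, OTHER)}
            for label, dev in POLICIES.items()}

if __name__ == "__main__":
    for label, row in access_matrix().items():
        print(f"{label:10} {row}")
```
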
