pam_group (Was: ubuntu-xxx ....)
Scott James Remnant
scott at ubuntu.com
Thu Mar 31 20:15:36 CST 2005
On Thu, 2005-03-31 at 23:38 +0200, Timo Aaltonen wrote:
> On Thu, 31 Mar 2005, Matt Zimmerman wrote:
>
> > It seems that way at first, but in fact the semantics are closer to "any
> > user who has ever logged in locally has access to these devices". Pitfalls
> > like these are the reason why we don't "magically" grant permissions based
> > on dynamic criteria. If the user should have access to the devices, they
> > should be granted, otherwise not. The capability does not currently exist
> > to revoke these permissions from users once they have been granted.
>
> Do you have more info regarding this? The PAM-documentation doesn't
> enlighten me. Even if it is as you describe, the situation is a bit better
> than granting access to all users, no?
>
Log in locally:
cp /bin/sh $HOME
chgrp plugdev $HOME/sh
chmod g+s $HOME/sh
You now have a setgid plugdev shell that you can use anytime you want
permissions of that group.
Scott
--
Scott James Remnant Ubuntu Down Under -- 25th - 30th April 2005
scott at ubuntu.com Vibe Rushcutters, Sydney, Australia
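An audit for the leftover described in the message above, as an added example that is not part of the original post: it lists setgid files that carry a given group and can clear the bit on them. The function names, and the `/home` path in the sample invocation, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread).
# A setgid file keeps granting its group after the user's own membership
# in that group has ended, so the audit has to look at files, not accounts.

# usage: find_setgid_by_group ROOT GROUP [GROUP...]
# Prints every regular file under ROOT that has the setgid bit set and
# belongs to one of the named groups (a group name or a numeric gid).
find_setgid_by_group() {
    root=$1
    shift
    for grp in "$@"; do
        # -xdev        stay on ROOT's filesystem
        # -perm -2000  setgid bit is set, other mode bits are ignored
        # -group       the file's group matches
        find "$root" -xdev -type f -perm -2000 -group "$grp" -print
    done
}

# usage: clear_setgid_by_group ROOT GROUP [GROUP...]
# Removes the setgid bit from the same set of files. The file keeps its
# group, but executing it no longer confers that group.
clear_setgid_by_group() {
    root=$1
    shift
    for grp in "$@"; do
        find "$root" -xdev -type f -perm -2000 -group "$grp" \
            -exec chmod g-s {} +
    done
}

# Sample invocation (the path is an assumption, the group is the one
# named in the message); run as root so every home directory is readable:
#   find_setgid_by_group /home plugdev
```

Mounting the filesystem that holds home directories with `nosuid` makes the kernel ignore setuid and setgid bits on executables stored there.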