Christophe Combelles wrote:
It's not so simple, a group cannot tell if you are logging in at the console or remotely (read below)But why is it necessary to change the perms of the devices ?? This should be only a matter of groups.
Remember, Linux is a multiuser and networked system. Only a user logging in at the console should access /dev/mixer (and /dev/dsp, and /dev/video, etc.), a user logging in remotely (normally) has no use for it. This pam module, while not ideal in every situation, is configured to give access to some devices only to users phisically logging in at the machine, and this should be ok for most situations.
For example /dev/mixer should always belong to root:audio with perms crw-rw----, and a user should be in the group audio.
So even ater login, the /dev entry has not been changed, but only the users of the group audio could access /dev/mixer.
And when a user is created, it should automatically belong to a series of standard groups like audio, etc.
If you need fixed permissions (for example, to record from the tv card in a cron job or start a recording remotely) you can tweak /etc/security/console.perms
Bye
--
Luca Olivetti
Note.- This message reached you today, it may not tomorrow if you
are using MAPS or other RBL. They arbitrarily IP addresses not
related in any way to spam, disrupting Internet connectivity.
See http://slashdot.org/article.pl?sid=01/05/21/1944247 and
http://theory.whirlycott.com/~phil/antispam/rbl-bad/rbl-bad.html
msg86242/pgp00000.pgp
Description: PGP signature