On Wed, 11 Oct 2006, Roland Mas wrote: > Sam Morris, 2006-10-11 13:40:08 +0200 : > > > I think HAL/PolicyTool/pam_foreground will eventually give us a > > (slow?) solution to problems like this, but it's some way off at the > > moment. Being able to add/revoke permissions with traditional > > security methods (i.e. group membership) requires kernel > > modification AFAIK. > > One could envision usage of POSIX ACLs. Very hackish, but some daemon > could add an ACL entry to various files in /dev when a user logs in, > or logs out, or time passes, or some device is plugged in, or > whatever. No need for special groups. Of course, maintenance would > probably be a nightmare, unless there's a way to share ACLs between > files that I'm not aware of.
/dev is a tmpfs and that filesystem supports ACL only in very recent kernel. IIRC it has been introduced in the (upcoming) 2.6.19. Cheers, -- Raphaël Hertzog Premier livre français sur Debian GNU/Linux : http://www.ouaza.com/livre/admin-debian/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]