On Thu, Mar 31, 2005 at 03:17:06PM +0200, Diego Flameeyes Petten? wrote: > Anyway I was wondering what pam_console is used for, at the end. It's a way > to > set up permissions when someone logins at a console. I would never use > something like that on a remote server, as anyone which could have a local > login can do anything? It also doesn't make sense on a recent user system > configured properly, as devfs/udev would take care of permissions, and users > needs only to set the group correctly (simpler than using pam_console > anyway). Since you asked, pam_console is extremely useful in shared computer lab settings. Take this scenario for example: - User A has logged into a lab workstation from home, and is working on his stuff. - User B physically goes and sits at the workstation, as he wants to copy his research materials to a floppy disk (but this applies to any other hardware as well; eg modems, cd writers, et al). - User A should never have access to the floppy disk, as he is not physically present. Only User B should have access, because he is physically present. - Using groups in this case (eg the floppy group) is not suitable, as both users would have to be in it, and then they could both access the floppy drive. - pam_console applies a set of permissions ONLY for users logged in at the local machine, for the duration of their login. So for the duration of User B's physical time at the machine, he has access to the hardware as allowed by pam_console.
That said, pam_console is a pain to deal with under a few cases: - it only takes effect for the first concurrent login at a machine (eg the first virtual terminal in use, when none of the others are in use). - In some cases it doesn't correctly reset the permissions after the user. I'd say more than 99% of Gentoo users probably have no use for pam_console, but it still has a place in Gentoo. -- Robin Hugh Johnson E-Mail : [EMAIL PROTECTED] Home Page : http://www.orbis-terrarum.net/?l=people.robbat2 ICQ# : 30269588 or 41961639 GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
pgpXbTjAEN7Nx.pgp
Description: PGP signature
