Hi, > a large number of programs in /usr/bin (hwbrowser, printconf-tui, > etc.) are really just symlinks to the "consolehelper" program. > fair enough. this is supposed to give users logged in at the > console access to these programs without needing root access, > right?
>From the man page (but I may be wrong) it doesn't gives you root access, but uses pam for authentication in case you own the console, and give you root access if pam authenticates you. Did you change your /etc/pam.d/printconf-tui ? If not, you may notice that there is auth required /lib/security/pam_stack.so service=system-auth in it, thus you have to provide your passwd in order to be authenticated and then get root privileges. > note that the console ports include the virtual consoles and > X server display. but they *don't* include the pseudo-ports that > one would get with, say, an xterm. If you run an xterm, then X is started, or you logged in a tty. Thus console.perms allready gave you rights on the peripheral it has to. > so what happens if i try to run "hwbrowser" as a regular user > from an xterm? i get prompted for the root password. is this > because an xterm is not considered being "at the console"? > > if i switch back to a true virtual console and try to run, say, > printconf-tui, i *still* get prompted for the root password. > so what's the magic of being at the console if i still need > the root password? The magic is that you own some devices: do a ls -l /dev/fb before and after login (before == logged as root with nobody logged before). But maybe you knew it allready. With respect with consolehelper, it seems that you may gain root privileges without being logged in as root, otherwise you couldn't. And you may still put pam_permit in your /etc/pam.d files. > have i forgotten to configure something critical? I think so, the /etc/pam.d/princonf-tui..... Pat _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list