RE: pam_console_apply extension RE: [Cooker] Sound devices perms

2001-09-11 Thread Borsenkow Andrej 


> 
> > REGISTER   .*  EXECUTE /sbin/pam_console_apply
$devpath
> 
> used to be there. Too slow.
>

No. What was there was 

REGISTER   .*  EXECUTE /sbin/pam_console_apply

That runs pam_console_applies for *all* devices every time. I suggest
extending pam_console_apply to run for a single specific file. It should
not be slower than loading module :-)
 
> >
> > We do not need to do anything on unregistered.
> >
> > What I do *not* like, is that this triggers CHANGE action
additionally.
> > But that's another problem ...
> 
> IMO it's a bug. I've not had a look yet.

pam_console_apply extension RE: [Cooker] Sound devices perms

2001-09-11 Thread Borsenkow Andrej 


> 
> > By the way, why do we have now to be in audio group to play sound ??
> > (this is a real question)
> 
> before devfs I think the permissions were set when logging in (see
> /etc/security/console.perms). I don't know why this was changed, maybe
it
> just needs to be fixed?
> 


They still are. The only problem is when module is loaded *after* you
have logged in. In this case sound devices get 660 as per devfsd.conf.

I believe, pam_console_apply should be extended to allow device name as
argument and used in devfsd.conf, like

REGISTER   .*  EXECUTE /sbin/pam_console_apply $devpath

We do not need to do anything on unregistered.

What I do *not* like, is that this triggers CHANGE action additionally.
But that's another problem ...

-andrej