Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
hello, I'm using a usb communication lib which needs read/write access to devices in /dev/bus/usb/
I can do this in root but I'd much rather not, is anyone aware of any way of using pam to override access to specific files?, I'm grasping at straws I know but I can't think of any other approach to this problem.
Some additional info about the file:
"crw-rw-r-- 1 root root 189, 2 2009-08-15 13:14 /dev/bus/usb/001/003"
unSpawn, that's an interesting solution but pam_console isn't on my system, I can't even find it with an "apt-file search" and that contains a complete map of files in a debian repository. It probably seems like there's something equivilant floating around so I'll dig a little deeper. Out of curiosity, have you ever got a working example of this kind of configuration?, even an obsolete configuration would be useful, cheers
Also, I should mention that I've solved the problem of accessing the device in a non-root shell by using a different library, routing through the /dev/ttyUSB0 interface, it's an ftdi usb device. That said, i'd still like to expose the functionality in the systems you've mentioned
Spanning 4 years the bug #166718 discussion might help explain what issues Debian saw with pam_console and elected to use pam_foreground instead. What pam_console basically does is chown files (remember everything is a file) to the user logging in for the duration of that session. If you have pam_foreground it should be in /etc/pam.d/common-session.
* I don't know what package pam_foreground is in and I do wonder if you should instead use PolicyKit/ConsoleKit...
I installed pam_foreground, it's stored under libpam-foreground in apt. Now, when I login, there's a file called /var/run/console/gmurphy:1 which a program called check-foreground-console checks when evaluating my console ownership status (I think), this is all pretty interesting unSpawn, but I can't see a route towards overriding permissions on specific files using this approach, the documentation is very sparse, would you be able to advise on how I should proceed?
I've had a look at Debian libpam.* packages to see if there's a pam_console equivalent and I can't find it. Since you have a basic idea of what pam_console does and what you want I'd suggest you proceed by creating a new PAM/Hal/Udev/Policykit-related thread in the Debian forum. Sorry I couldn't be of more help.
Update, pam could provide a route to the solution if I explicitly setup a service (usb_read, for example) in pam.d, using the pam api I could patch into this service, authenticate and get access to the files in question either through changing my UID or creating a pam proxy which did the file access for me, a lot of work really. As it turns out, a simple init script which chowns and chgrps the proc files I need to access will work just fine as well