Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 156069 - read console perm config files from /etc/security/console.perms.d
Summary: read console perm config files from /etc/security/console.perms.d
Alias: None
Product: Fedora
Classification: Fedora
Component: pam
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact:
: 135093 (view as bug list)
Depends On:
Blocks: FC4Blocker
TreeView+ depends on / blocked
Reported: 2005-04-27 11:06 UTC by Harald Hoyer
Modified: 2007-11-30 22:11 UTC (History)
2 users (show)

Fixed In Version: pam-0.79-8
Doc Type: Enhancement
Doc Text:
Clone Of:
Last Closed: 2005-05-06 09:24:25 UTC
Type: ---

Attachments (Terms of Use)

Description Harald Hoyer 2005-04-27 11:06:16 UTC
pam_console should read the config files from
/etc/security/console.perms.d/*.perms and ignore other files in
/etc/security/console.perms.d (hint glob(3))
for backwards compatibility it should read /etc/security/console.perms also.

first match wins, so if you have

10-local.perms wins over 50-console.perms... hint use setlocale("C") to ensure
reproducible sorting by e.g. glob(3)

Comment 1 Harald Hoyer 2005-04-27 11:08:36 UTC
10-local.perms wins over 50-console.perms, means "wins" only for the same regexp
matches... if no match is found in 10-local.perms, 50-console.perms will be
looked up of course.

Comment 2 Warren Togami 2005-04-27 18:14:25 UTC
Should we keep /etc/security/console.perms where it is, but symlink from
/etc/security/console.perms.d/default.perms ../console.perms, then read *only*
files in /etc/security/console.perms.d/*.perms?  Just an idea, maybe bad.

Adding FC4Blocker because this is simple to implement and vital functionality
that we eventually need.

Comment 3 Warren Togami 2005-04-27 18:53:31 UTC
Then add a note to the default console.perms like "do not edit this file".  Then
make it no longer a %config file, so it gets wiped out with the default upon
every upgrade.

Comment 4 Tomas Mraz 2005-04-28 10:41:04 UTC
Re comment #2 - I'd like to leave the console.perms file as it is and where it
is - it really isn't a complication. OTOH reading only .perms files is surely
desirable - to skip backups at least.

Re comment #3 - I'm not sure if this is a good idea, because I don't know what
would happen on upgrade from the current package with console.perms as %config
when an user has modified console.perms file already. Would it leave there the
.rpmsave file or not? If not we would erase settings of user who didn't know
that we are changing the purpose of console.perms.

Comment 5 Harald Hoyer 2005-04-28 11:11:47 UTC
just let /etc/security/console.perms be where it is... no hassle.. 

Comment 6 Tomas Mraz 2005-04-29 11:58:06 UTC
*** Bug 135093 has been marked as a duplicate of this bug. ***

Comment 7 Warren Togami 2005-05-02 08:29:45 UTC
In response to Comment #4, at some point we need to allow console.perms to be
overwritten by a new packaged version.  People upgrading to a new distribution
should expect some reconfiguration may be needed to get devices working again. 
People affected by this are very few compared to the real benefit that most
people would gain by having an uneditable default console.perms.

We might as well make that "new distribution" FC4.

Comment 8 Tomas Mraz 2005-05-02 08:45:28 UTC
I've changed console.perms to be %config and not %config(noreplace). It should
be enough to fix the problem you mention and we don't drop the old settings

Note You need to log in before you can comment on or make changes to this bug.