Bug 156069 - read console perm config files from /etc/security/console.perms.d
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: pam
Version: rawhide
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Tomas Mraz
Keywords: FutureFeature
Duplicates: 135093
Blocks: FC4Blocker
Reported: 2005-04-27 07:06 EDT by Harald Hoyer
Modified: 2007-11-30 17:11 EST
Fixed In Version: pam-0.79-8
Doc Type: Enhancement
Last Closed: 2005-05-06 05:24:25 EDT


Description Harald Hoyer 2005-04-27 07:06:16 EDT
pam_console should read the config files from
/etc/security/console.perms.d/*.perms and ignore other files in
/etc/security/console.perms.d (hint: glob(3)).
For backwards compatibility it should also read /etc/security/console.perms.

First match wins, so if you have
10-local.perms
50-console.perms
70-otherlocal.perms

10-local.perms wins over 50-console.perms... Hint: use setlocale("C") to ensure
reproducible sorting by e.g. glob(3).
Comment 1 Harald Hoyer 2005-04-27 07:08:36 EDT
10-local.perms wins over 50-console.perms, means "wins" only for the same regexp
matches... if no match is found in 10-local.perms, 50-console.perms will be
looked up of course.
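
The file selection and ordering described in the report and in comment 1, as an added example in C that is not pam_console's own code. The helper names `perms_files` and `demo_order`, the temporary directory and the extra file names (backup, editor file, README) are constructed for illustration; `setlocale(LC_COLLATE, "C")` is used as the concrete form of the `setlocale("C")` hint.

```c
#define _POSIX_C_SOURCE 200809L
#include <glob.h>
#include <locale.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Collect dir's *.perms files in "C" collation order; returns count or -1.
 * Backups such as x.perms.rpmsave or x.perms~ do not match the pattern. */
static int perms_files(const char *dir, glob_t *out)
{
    char pattern[4096];
    memset(out, 0, sizeof *out);   /* keeps globfree(out) safe on every path */
    /* glob(3) sorts its matches; pin collation so locale cannot reorder them. */
    setlocale(LC_COLLATE, "C");
    if (snprintf(pattern, sizeof pattern, "%s/*.perms", dir) >= (int)sizeof pattern)
        return -1;
    int rc = glob(pattern, 0, NULL, out);
    return rc == 0 ? (int)out->gl_pathc : rc == GLOB_NOMATCH ? 0 : -1;
}

/* Constructed demo: the names from the report plus a backup, an editor
 * file and a README. Writes the selected basenames to buf, returns count. */
static int demo_order(char *buf, size_t len)
{
    static const char *names[] = { "70-otherlocal.perms", "README", "10-local.perms",
        "10-local.perms.rpmsave", "50-console.perms", "50-console.perms~" };
    char dir[] = "/tmp/perms-demo-XXXXXX", path[4096];
    glob_t g;
    buf[0] = '\0';
    if (mkdtemp(dir) == NULL) return -1;
    for (size_t i = 0; i < sizeof names / sizeof *names; i++) {
        snprintf(path, sizeof path, "%s/%s", dir, names[i]);
        FILE *f = fopen(path, "w");
        if (f) fclose(f);
    }
    int n = perms_files(dir, &g);   /* first entry is consulted first */
    for (int i = 0; i < n; i++)
        snprintf(buf + strlen(buf), len - strlen(buf), "%s%s", i ? " " : "",
                 strrchr(g.gl_pathv[i], '/') + 1);
    globfree(&g);
    for (size_t i = 0; i < sizeof names / sizeof *names; i++) {
        snprintf(path, sizeof path, "%s/%s", dir, names[i]);
        unlink(path);
    }
    rmdir(dir);
    return n;
}

int main(void) { char b[256]; demo_order(b, sizeof b); puts(b); return 0; }
```

`setlocale` changes process-wide state, so code loaded into another program can instead pass `GLOB_NOSORT` and sort the matches itself with `qsort` and `strcmp`.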
Comment 2 Warren Togami 2005-04-27 14:14:25 EDT
Should we keep /etc/security/console.perms where it is, but symlink from
/etc/security/console.perms.d/default.perms ../console.perms, then read *only*
files in /etc/security/console.perms.d/*.perms?  Just an idea, maybe bad.

Adding FC4Blocker because this is simple to implement and vital functionality
that we eventually need.
Comment 3 Warren Togami 2005-04-27 14:53:31 EDT
Then add a note to the default console.perms like "do not edit this file".  Then
make it no longer a %config file, so it gets wiped out with the default upon
every upgrade.
Comment 4 Tomas Mraz 2005-04-28 06:41:04 EDT
Re comment #2 - I'd like to leave the console.perms file as it is and where it
is - it really isn't a complication. OTOH reading only .perms files is surely
desirable - to skip backups at least.

Re comment #3 - I'm not sure if this is a good idea, because I don't know what
would happen on upgrade from the current package with console.perms as %config
when a user has modified console.perms file already. Would it leave there the
.rpmsave file or not? If not we would erase settings of user who didn't know
that we are changing the purpose of console.perms.
Comment 5 Harald Hoyer 2005-04-28 07:11:47 EDT
Just let /etc/security/console.perms be where it is... no hassle.
Comment 6 Tomas Mraz 2005-04-29 07:58:06 EDT
*** Bug 135093 has been marked as a duplicate of this bug. ***
Comment 7 Warren Togami 2005-05-02 04:29:45 EDT
In response to Comment #4, at some point we need to allow console.perms to be
overwritten by a new packaged version.  People upgrading to a new distribution
should expect some reconfiguration may be needed to get devices working again. 
People affected by this are very few compared to the real benefit that most
people would gain by having an uneditable default console.perms.

We might as well make that "new distribution" FC4.
Comment 8 Tomas Mraz 2005-05-02 04:45:28 EDT
I've changed console.perms to be %config and not %config(noreplace). It should
be enough to fix the problem you mention and we don't drop the old settings
completely.
