pam_console should read the config files from
/etc/security/console.perms.d/*.perms and ignore other files in
/etc/security/console.perms.d (hint glob(3))
for backwards compatibility it should read /etc/security/console.perms also.
first match wins, so if you have
10-local.perms wins over 50-console.perms... hint use setlocale("C") to ensure
reproducible sorting by e.g. glob(3)
10-local.perms wins over 50-console.perms, means "wins" only for the same regexp
matches... if no match is found in 10-local.perms, 50-console.perms will be
looked up of course.
Should we keep /etc/security/console.perms where it is, but symlink from
/etc/security/console.perms.d/default.perms ../console.perms, then read *only*
files in /etc/security/console.perms.d/*.perms? Just an idea, maybe bad.
Adding FC4Blocker because this is simple to implement and vital functionality
that we eventually need.
Then add a note to the default console.perms like "do not edit this file". Then
make it no longer a %config file, so it gets wiped out with the default upon
Re comment #2 - I'd like to leave the console.perms file as it is and where it
is - it really isn't a complication. OTOH reading only .perms files is surely
desirable - to skip backups at least.
Re comment #3 - I'm not sure if this is a good idea, because I don't know what
would happen on upgrade from the current package with console.perms as %config
when an user has modified console.perms file already. Would it leave there the
.rpmsave file or not? If not we would erase settings of user who didn't know
that we are changing the purpose of console.perms.
just let /etc/security/console.perms be where it is... no hassle..
*** Bug 135093 has been marked as a duplicate of this bug. ***
In response to Comment #4, at some point we need to allow console.perms to be
overwritten by a new packaged version. People upgrading to a new distribution
should expect some reconfiguration may be needed to get devices working again.
People affected by this are very few compared to the real benefit that most
people would gain by having an uneditable default console.perms.
We might as well make that "new distribution" FC4.
I've changed console.perms to be %config and not %config(noreplace). It should
be enough to fix the problem you mention and we don't drop the old settings