-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2006-01-22 at 11:43 +0100, Roger Oberholtzer wrote:
In file /etc/logindevperm:
:0 0600 /dev/cdrom:/dev/cdrom1:/dev/cdrom2:/dev/cdrom3
How does logindevperms relate to udev and HAL?
It doesn't, or not directly. HAL: | 1.1. About | | This document concerns the specification of HAL which is a piece of | software that provides a view of the various hardware attached to a | system. In addition to this, HAL keeps detailed metadata for each piece of | hardware and provide hooks such that system- and desktop-level software | can react to changes in the hardware configuration in order to maintain | system policy. So, any piece of hardware is listed by it (try "lshal"). With udev I'm not familiar, but it serves to create the devices files (the /dev tree) on the fly. I suppose it gets info from hal (hardware abstraction layer?) about which node to create. What permissions does it use? Dunno. Looking at it, it is configured in /etc/udev/udev.conf. I see two interesting entries: udev_log - set to "yes" if you want logging, else "no" udev_log="yes" # udev_perms - The name and location of the permissions device udev_devperms="/dev/devperms" You should have a look at file "/dev/devperms" to see what it has, mine is empty. Udev is active in my 9.3, but the device nodes are static, I think (judging by the creation date). Not sure how to know. Grepping with "mc" in "/etc/udev/" for references to "cdrom" I don't find permissions references. Looking for "hda" I find two, but I don't think those are the ones we are looking for: KERNEL="dos_hda*", NAME="%k", GROUP="disk", MODE="660" KERNEL="i2o/hda*", NAME="%k", GROUP="disk", MODE="660" Finally, we have "logindevperm" (man logindevperm): | NAME | /etc/logindevperm - configuration file for pam_devperm.so So it is used by PAM.
I would guess that if a device is already present when you log in, logindevperms will replace any udev/HAL settings. If the device gets inserted while logged in, the udev/HAL settings are used and not logindevperms.
Not sure of that.
Joy. Another piece of the puzzle.
And, what happens if someone logs in after you while you are logged in? login runs as root, so there is nothing stopping it from claiming the device for the new login. Meaning that any changes made by the first person would be set to logindevperms when the second person logs in.
No, the permissions do not change, the first user keeps control.
I guess the first item on each logindevperms line allows a bit of control over this. But I would happy to fully understand the interaction with udev/HAL. The default logindevperms explains why you only get the device settings when you log in as the first GUI login on the console, as only that is defined in the default SUSE logindevperms.
It doesn't matter if you log in X or in the console, as long as it is a local one. Or it did not when I looked at this time ago, I might be mistaken.
Anyway, thanks for the pointer to logindevperms. It is now on the radar. Too bad it still does not explain why /dev/ttyS0 is set to rw access only for the current login. I have not traced who does that.
The /dev/ttyS0 is symlinked to /dev/modem: look for this one in those configuration files and you will find it. I will shove more clutter on your radar: have a look at /etc/resmgr.conf as well :-P Anyway, just try to modify the cdrom line in logindevperm, and find out if it solves your issue. Or, comment it out, and find if it sticks put. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFD056NtTMYHG2NR9URAr7nAJ9BbklRET8RJoVWMlIjrdojg8gpdQCffo9Q Kl3MiD1VBwuZm/gvYe47GS4= =wRLZ -----END PGP SIGNATURE-----