Devices and permissions
Matias Féliciano
feliciano.matias at free.fr
Wed Oct 20 12:16:06 UTC 2004
Le mercredi 20 octobre 2004 à 13:48 +0200, Alain PORTAL a écrit :
> Hi Nils, thanks for your answer.
>
> Le mercredi 20 Octobre 2004 11:32, Nils Philippsen a écrit :
>
> > So is it a client or a server application?
>
> Perhaps I need to tell more about this application: this is an IDE for the
> developpement of Microchip PIC based applications. This IDE also can program
> chip devices through serial or paralell ports programmers.
> http://pikdev.free.fr/
> So, logged user need to access to the serial/paralell ports in RW mode.
> We should consider that is a client application.
>
> > If it's a client application,
> > all users who want to use it must have the permissions, either by
> > belonging to a special group or /etc/security/console.perms trickeries.
>
> Create a special group doesn't seem to me a good idea because if a new user is
> added after the package installation, he won't belong to the new group and
> administrator will need to add him manually.
> I prefer a solution where all users can use the application by default.
>
> So, using /etc/security/console.perms seems the best way.
> Here is my purposal:
>
> # device classes
> <serialport>=/dev/ttyS[0-9]
> <paralellport>=/dev/parport[0-7]
>
> # permission definitions
> <console> 0600 <serialport> 0660 root.uucp
> <console> 0600 <paralellport> 0660 root.lp
>
> Does it seem right for you?
>
> How can I add/remove these lines via rpm (un)installation?
>
With Perl, sed ...
Personally, I don't like that third party package touch security files.
Put some instructions in README or INSTALL file and let the
administrator do his job :-)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message
=?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20041020/736d2066/attachment-0002.bin
More information about the devel
mailing list