On Mon, 2006-01-23 at 22:45 +0100, Joerg Schilling wrote:
> Lee Revell <[email protected]> wrote:
>
> > On Mon, 2006-01-23 at 22:21 +0100, Matthias Andree wrote:
> > > Sounds really good. Can you give a pointer as to the detailed rlimit
> > > requirements?
> >
> > I don't want to touch the rest of the thread, but the best info on the
> > above can be found in the linux-audio-user list archives. It's still a
> > little unclear exactly which packages are required, but IIRC PAM 0.80
> > supports it already. I believe this requires glibc changes eventually,
> > but programs like PAM and bash that deal with rlimits can work around it
> > if glibc is not aware of the new rlimit.
>
> Could you explain this more in depth?
>
> What you describe looks like you propose to add a line:
>
> joerg::::defaultpriv=file_dac_read,sys_devices,proc_lock_memory,proc_priocntl,net_privaddr
>
> to /etc/user_attr which would be honored by PAM during login.
>
> This is not what I like to see.
>
> What I like to see is that only specific programs like cdrecord
> would get the permissions to do more than joe user.
It's not that fine grained, it works at a user/group level.
You would add a line like:
@cdrecord hard rtprio 80
to /etc/security/limits.conf and add users to the cdrecord group.
Lee
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
