-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tim wrote: > On Fri, 2006-05-26 at 00:01 -0400, Todd Zullinger wrote: >> Gnome has user switching but it's disabled in FC5 "due to console >> permission issues" according to the list of common bugs and issues >> in FC5[1]. > > I thought it was more than just "console issues", as you don't get > sound, either. And what about when you plug in hotplugable items > (flash drives, etc.), which user gets to own them? Those are all basically console permission issues. Console in this context isn't the terminal screens on VT 1-6, it's referring more generally to the system the user is sitting in front of (I hope that makes some sense, I realize I've worded it poorly :). Depending on what your situation is, the permission issues may not be of much concern to you. I setup an FC5 system for one of my friends kids and I wanted the whole family to be able to use the system so they could see how cool free software could be. I found it annoying that the user switching wasn't enabled so I set about trying to fix it. As the kids are only 6, there's not a lot of worry about them taking advantage of any local security issues to gain higher level access. I installed the user switch applet and removed the patches from the fedora gnome packages that disabled user switching from the screensaver dialog. Then I modified the console permissions by creating 99-local.perms in /etc/security/console.perms.d to relax the permissions that are setup when a user is granted the console. This way when they switch users sound will work and other permissions get set with group write perms instead of just owner write perms. I haven't played much yet with flash drives and such, and I may need to dig into gnome-mount to see how things are done there if there are any issues about the permissions that filesystems on removable drives are given. I don't expect any of it to be too difficult to work out. The security requirements for this system aren't so great, as all the users of it trust one another. In many other situations the changes I made wouldn't be good security trade offs. I do wish I was able to find more discussion of the issues, just for my own enlightenment. In bug #186685, Rahul Sundaram said that fedora-test and -devel had various discussions about it, but in the time I tried to search the archives I wasn't able to turn up those threads. It'd be nice those threads were linked to in the wiki or bugzilla. Anyway, it was a good chance to experiment. I'll find out how well I did when I deliver the computer. I'm anxious to see how long it takes to get some bug reports about my work and things I missed. :) - -- Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp ====================================================================== Left to Her own devices, nature cures stupidity. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl. iG0EARECAC0FAkR2ujMmGGh0dHA6Ly93d3cucG9ib3guY29tL350bXovcGdwL3Rt ei5hc2MACgkQuv+09NZUB1pZHwCg23v9ZLx05MejwZ+ZPm6VvovdeDoAoIad1j1l KflkkSPcdZfJ898FUWZb =egBs -----END PGP SIGNATURE-----
