Darren J Moffat wrote: > /dev/console could, I believe, be a serial line. That > means that the console could be in a physically separate > location to the usb attached keyboard/mouse and the monitor. > > In that case it may not be desirable that root can login > on the /dev/vt# entries but we would accept it on > /dev/console since that is the serial line. > > My concern is with CONSOLE=/dev/console suddenly starting > to mean /dev/console and all the allocated /dev/vt# entries.
So should a new name be introduced that means /dev/console and all /dev/vt*'s? Say /dev/vt* or /dev/vc/* ? > Now in my opinion CONSOLE= is actually the wrong interface > here. On at least one Linux system I've seen they do > this check in a PAM module (where we should be doing it) > and it checks a file /etc/securetty. That's what BSD's use too isn't it? > What we do need to agree on though is if /dev/console > should continue to mean just /dev/console or should > it mean /dev/console and all /dev/vt# devices. Personally > I prefer that it say meaning just /dev/console and that > some other case fix login(1) and introduce the appropriate > PAM module to allow root to login on other devices. Moving it into PAM would reduce one of the reasons other code calls libcmd to read /etc/default/login (it's not just login - it's also xdm, gdm, & dtlogin), which is also a good thing. -- -Alan Coopersmith- alan.coopersmith at sun.com Sun Microsystems, Inc. - X Window System Engineering