Darren J Moffat wrote:
> /dev/console could, I believe, be a serial line.  That
> means that the console could be in a physically separate
> location to the usb attached keyboard/mouse and the monitor.
> 
> In that case it may not be desirable that root can login
> on the /dev/vt# entries but we would accept it on
> /dev/console since that is the serial line.
>
> My concern is with CONSOLE=/dev/console suddenly starting
> to mean /dev/console and all the allocated /dev/vt# entries.

So should a new name be introduced that means /dev/console and
all /dev/vt*'s?   Say /dev/vt* or /dev/vc/* ?

> Now in my opinion CONSOLE= is actually the wrong interface
> here.  On at least one Linux system I've seen they do
> this check in a PAM module (where we should be doing it)
> and it checks a file /etc/securetty.

That's what BSD's use too isn't it?

> What we do need to agree on though is if /dev/console
> should continue to mean just /dev/console or should
> it mean /dev/console and all /dev/vt# devices.  Personally
> I prefer that it say meaning just /dev/console and that
> some other case fix login(1) and introduce the appropriate
> PAM module to allow root to login on other devices.

Moving it into PAM would reduce one of the reasons other
code calls libcmd to read /etc/default/login (it's not just
login - it's also xdm, gdm, & dtlogin), which is also a good
thing.

-- 
        -Alan Coopersmith-           alan.coopersmith at sun.com
         Sun Microsystems, Inc. - X Window System Engineering

Reply via email to