On Sun, Dec 07, 2008 at 03:20:01PM -0600, Brian Cameron wrote:
> Thanks for the information.  Unfortunately, using chmod/chown does not
> seem a workable solution to me, unless I am missing something.  Normally
> logindevperm(4) is used for managing the ownership and permissions of
> device files (like the audio device), and if the GDM daemon just calls
> chown/chmod on the audio device, then it seems this could easily cause
> inconsistencies with logindevperm.

As Mark replied, chmod(1) isn't just for setting file permissions, but
also for ACL manipulation.

That said, I don't see why di_devperm_login() couldn't stomp all over
the ACL too.  So you'll need to make sure that di_devperm_login()
doesn't stomp over the ACL, which will probably mean running an ARC case
and updating the logindevperm(4) manpage.

Alternatively, can't GDM open the devices it needs before dropping
privileges?  It does run with all [zone] privileges, after all.

> Remember, for example, that multiple users can log in to the same
> machine.  Perhaps one via the console, and other users via XDMCP or
> other remote methods.  VT (Virtual Terminal) will soon integrate
> into Solaris and add yet another way that users can log in.

VT is in *now* and has been for a few builds.

Nico
-- 
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
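
Added illustration (not part of the original message, and not GDM or Solaris code) of the "open the devices before dropping privileges" suggestion: POSIX checks permissions at open(), not on each read(), so a descriptor that is already held keeps working after the file's mode is reset. A temporary file stands in for the audio device, and the function name is hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if a descriptor opened before a mode change can still read
 * afterwards, 0 if it cannot, -1 on setup failure. *reopen_ok is set to
 * whether a fresh open() succeeds after the change (0 unless running as root). */
int fd_survives_mode_reset(int *reopen_ok)
{
    char path[] = "/tmp/fake-audio-XXXXXX";  /* constructed stand-in for the device */
    const char msg[] = "pcm";                /* constructed sample data */
    char buf[sizeof msg] = {0};
    int held = -1, again = -1, result = -1;

    int wfd = mkstemp(path);                 /* created with mode 0600 */
    if (wfd < 0)
        return -1;

    if (write(wfd, msg, sizeof msg) == (ssize_t)sizeof msg
        && (held = open(path, O_RDONLY)) >= 0   /* step 1: open while allowed */
        && chmod(path, 0) == 0) {               /* step 2: permissions get reset */
        /* Step 3: a new open() is checked against the new mode ... */
        again = open(path, O_RDONLY);
        *reopen_ok = (again >= 0);
        /* ... but the descriptor already held is not re-checked. */
        result = read(held, buf, sizeof buf) == (ssize_t)sizeof msg
                 && memcmp(buf, msg, sizeof msg) == 0;
    }

    if (again >= 0) close(again);
    if (held >= 0) close(held);
    close(wfd);
    unlink(path);
    return result;
}

int main(void)
{
    int reopen_ok = -1;
    int held_ok = fd_survives_mode_reset(&reopen_ok);
    printf("held descriptor still readable: %d\n", held_ok);
    printf("fresh open after mode reset:    %d\n", reopen_ok);
    return held_ok == 1 ? 0 : 1;
}
```

The same property cuts the other way: resetting ownership or mode at logout does not revoke descriptors a previous session still holds.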
