PAM (from D-Bus/HAL discussion)

Dan Nicholson dbn.lists at gmail.com
Sun Apr 9 17:59:43 PDT 2006


On 4/8/06, Joe Ciccone <jciccone at gmail.com> wrote:
> Jürg Billeter wrote:
> > Default HAL policy only permits root and at_console users to mount
> > storage devices. Whether a user is at console or not is determined by
> > checking whether the file /var/run/console/USERNAME exists. This file
> > gets automatically created by e.g. pam_console or pam_foreground, iirc.
> >
> > BTW: The policy can be changed in /etc/dbus-1/system.d/hal.conf
> >
> > Jürg
>   <policy group="500">
>     <allow
> send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
>     <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
>     <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
>     <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
>   </policy>

This is just information for anyone planning on installing
gnome-volume-manager-1.5.15.  Under the default configuration,
gnome-volume-manager only runs if the user has an entry in
/var/run/console, e.g., /var/run/console/dan.  The typical way to do
this is to use the pam_console module mentioned at the beginning of
this thread.  Otherwise, you could maybe do some hack to create the
file at login.

However, if you pass --disable-multiuser to configure, manager.c will
always return true for the *_at_console checks.  Then it works with
the default system we have set up (well, if you also have new
HAL/D-Bus and gnome-mount).

--
Dan



More information about the blfs-dev mailing list