[ConsoleKit] Permissions with consolekit and gdm
kay.sievers at vrfy.org
Fri Jul 2 04:32:28 PDT 2010
On Fri, Jul 2, 2010 at 11:57, Christoph Pleger
<Christoph.Pleger at cs.tu-dortmund.de> wrote:
>> Kernel device events can happen any time, the kernel is free to send
>> 'change' events whenever needed, or userspace tools re-apply udev
>> configuration by synthesizing events.
> I just created a udev rule that calls an external program every time
> when a udev event occurs. The external program ist just a shell script
> that calls:
> export >> /tmp/udev
> After logging in, /tmp/udev does not exist. That shows that no udev
> event occurs when a user logs in.
As said, it does not matter what broken other tool might exist and is
changing permissions. All of them will fail in the end, and are broken
on today's systems, and can never work reliably.
PAM can not handle device plug/unplug setups, can not handle
kernel-events, and this will in all cases create inconsistencies.
Hooking into login alone can not be sufficient.
Udev will always overwrite any out-of-udev-config permission settings.
Just use the udev-provided ACL handling, and all should be fine.
Everything else is just a waste of time, and can never work as
expected on real systems.
More information about the ConsoleKit