"console" virtual group for desktop users

[Matthew Mastracci]

> > An nsswitch module could just enumerate the entries in
> > /var/run/console/* and return them as part of the console group. These
> > users should then have access to the given console device.
> >
> > Thoughts?
> 
> Assume that user A logs in, starts a background process, and logs out again. 
> Now user B logs in. The background process of user A would continue to have 
> the privileges associated with the console group afaik. That may be a 
> problem.

Good point.  I suppose adding and removing ACLs (on a filesystem that
supports it) might be a better solution.

In the mean time, I guess I'll use remove all of the entries from
console.perms, set all of the devices as root.console and keep the
console group definition static with both of my local users.

Have any of the desktop environment groups put any thought into how this
stuff might work long-term?  I'm pretty certain the gdm multiple-login
feature is going to be popular, potentially causing a few headaches like
I'm having (though my case is just two X sessions on Ctrl+Alt+F7/F8).

Thanks for the info,
-- 
Matthew Mastracci <matt at aclaro.com>