Re: [patch 0/2] Tmpfs acls
From: Andreas Gruenbacher
Date: Mon Jan 09 2006 - 18:57:22 EST
On Monday 09 January 2006 00:34, Matthew Garrett wrote:
> Andreas Gruenbacher <agruen@xxxxxxx> wrote:
> > This is an update of the tmpfs acl patches against 2.6.15-git4. (The
> > first version of these patches was posted on 2 February 2005.) We'll
> > have our /dev tree on tmpfs in the future, and we need acls there to
> > manage device inode permissions of logged-in users. Other distributions
> > will be in exactly the same situation, and need this patchset as well.
>
> Hmm. Do you have any infrastructure for revoking open file descriptors
> when a user logs out?
Open file descriptors have nothing to do with it. The device permissions are
set by different pam modules on different distributions (pam_console,
pam_resmgr).
Without acls, permissions are assigned by changing file ownership. With acls,
the respective user or users can be given access as appropriate, which is
more flexible. There are a few cases in which it is desirable to grant access
to a device to more than one locally logged in user. This also obsoletes the
resmgr hack of passing around open file descriptors and several hacks in
applications that use this mechanism, because permissions can be set as
appropriate.
Andreas
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/