14.6. PAM and Device Ownership
	Red Hat Linux grants the first user to log in on the physical console of
	the machine the ability to manipulate some devices and perform some tasks
	normally reserved for the root user. This is controlled by a PAM module
	called pam_console.so.
      
14.6.1. Device Ownership
	  When a user logs into a machine under Red Hat Linux, the pam_console.so
	  module is called by login or the graphical login programs, gdm and kdm.
	  If this user is the first user to log in at the physical console (called
	  the console user), the module grants the user ownership of a variety of
	  devices normally owned by root. The console user owns these devices until
	  the last local session for that user ends. Once the user has logged out,
	  ownership of the devices reverts to the root user.
      
	  The devices affected include, but are not limited to, sound cards,
	  diskette drives, and CD-ROM drives.
	
	  This allows a local user to manipulate these devices without attaining
	  root, thus simplifying common tasks for the console user.
	
	  By modifying the file /etc/security/console.perms, the administrator can
	  edit the list of devices controlled by pam_console.so.
	
14.6.2. Application Access
	  The console user is also allowed access to any program that has a file
	  bearing its command name in the /etc/security/console.apps/ directory.
	
	  One notable group of applications the console user has access to is the
	  three programs which shut off or reboot the system. These are:
	
- /sbin/halt
- /sbin/reboot
- /sbin/poweroff

	  Because these are PAM-aware applications, they call the pam_console.so
	  module as a requirement for use.
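
The following audit script is an added example, not part of the original Red Hat documentation: it lists the commands exposed to the console user through /etc/security/console.apps/ and marks the three power-control programs named above. The function names are hypothetical, and it assumes one regular file per command name in that directory, as this section describes.

```shell
#!/bin/sh
# Added example: report which commands pam_console opens to the console user.
# Assumption: one regular file per command name in the directory.

# Print "<command> <class>" per entry; class is "power" for the three
# shutdown/reboot programs listed above, "other" for everything else.
list_console_apps() {
    dir=${1:-/etc/security/console.apps}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue    # skips subdirectories and an unmatched glob
        name=${f##*/}
        case $name in
            halt|reboot|poweroff) echo "$name power" ;;
            *)                    echo "$name other" ;;
        esac
    done
}

# Print entries that are group- or world-writable. These files control
# privileged access, so one writable by non-root users is worth flagging.
writable_console_apps() {
    dir=${1:-/etc/security/console.apps}
    [ -d "$dir" ] || return 2
    find "$dir" -type f \( -perm -020 -o -perm -002 \) -print
}

# Number of power-control commands currently exposed (prints 0 if none).
count_power_apps() {
    list_console_apps "$1" | grep -c ' power$' || true
}

# Run the report only on hosts where the directory exists.
if [ -d /etc/security/console.apps ]; then
    list_console_apps
    writable_console_apps
fi
```

On a machine whose physical console is not trusted, the "power" lines show that anyone who logs in locally can halt or reboot the system without root.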
	
	  For more information, refer to the man pages for pam_console,
	  console.perms, console.apps, and userhelper.