
Forums before death by AOL, social media and spammers... "We can't have nice things"

   alt.os.linux.mandriva      Somewhat decent but also getting bloated      29,919 messages   


   Message 29,646 of 29,919   
   Aragorn to All   
   Re: X.11-GDM-KDE, how can not-logged-in    
   05 Nov 14 08:52:41   
   
   From: thorongil@telenet.be.invalid   
      
   On Wednesday 05 November 2014 07:57, Markus R. Keßler conveyed the   
   following to alt.os.linux.mandriva...   
      
   > Hi everyone,   
   >   
   > for security purposes, I usually distinguish between higher and lower   
   > risk users in Mandriva (and SuSE also).   
   >   
   > I log in to X.11 / GDM / KDE as the user who needs maximum rights,   
   > and other users which I need for firefox with flash contents (for   
   > web-based learning, video conferences etc) are just logged in via shell   
   > window and "su - newuser" and then starting firefox or opera under   
   > that user.   
   >   
   > This works fine and any attack would run only with very limited user   
   > rights, but in this case I cannot access /dev/dsp etc from this new   
   > user.   
      
   What are the permissions on /dev/dsp, /dev/video, et al?   
      
   > It seems to me that access to audio devices is set via ACL during   
   > logging in into graphical session.   
      
   I must admit that I haven't checked on that, but it's possible.  Another   
   trick - which Mandrake/Mandriva /used to/ apply in the past - is to change   
   ownership of /dev/dsp and friends on-the-fly, depending on who was   
   logged in via kdm.   
      
   Something you have to keep in mind if you decide to change the   
   permissions and/or ownership of files under /dev is that they reside on   
   tmpfs, so the changes will not persist across reboots.   
      
   Of course, you could change ownership via a boot-up script, but I'm no   
   expert on systemd.  As I gather, it does have compatibility with   
   sysvinit, so it should be able to run the equivalent of an rc.local -   
   perhaps local.service or something of that nature?   
      
   --   
   = Aragorn =   
      
            http://www.linuxcounter.net - registrant #223157   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
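
An added example, not part of the original post: a shell helper that reads `getfacl` output for a device node and reports whether a given user gets read+write access and through which entry (owner, named-user ACL, group, or other), which answers the permissions question raised in the message. It implements the general POSIX ACL check order rather than only the /dev/dsp case; the function name `acl_rw`, the account name `desktopuser` and the sample ACL are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample of `getfacl /dev/dsp` output (not from a real system);
# "desktopuser" is a hypothetical name for the account in the graphical session.
SAMPLE_ACL='# file: dev/dsp
# owner: root
# group: audio
user::rw-
user:desktopuser:rw-
group::rw-
mask::rw-
other::---'

# acl_rw USER "GROUP1 GROUP2 ..."   (getfacl output on stdin)
# Prints "allow <entry>" or "deny <entry>" for read+write access, using the
# POSIX ACL check order: owner, named user, matching groups, other.
acl_rw() {
  awk -v u="$1" -v gl="$2" '
    function rw(p, m) {   # r and w both set in p, and in mask m if one applies
      return p ~ /^rw/ && (m == "" || m ~ /^rw/)
    }
    function say(ok, e) { printf "%s %s\n", (ok ? "allow" : "deny"), e }
    BEGIN { n = split(gl, a, " "); for (i = 1; i <= n; i++) ing[a[i]] = 1 }
    /^# owner: / { owner = $3; next }
    /^# group: / { ogroup = $3; next }
    /^#/ || NF == 0 { next }
    {
      split($1, f, ":")                      # type:qualifier:perms
      if (f[1] == "mask")  mask = f[3]
      if (f[1] == "other") other = f[3]
      if (f[1] == "user" && f[2] == "") uobj = f[3]
      if (f[1] == "user" && f[2] == u)  nuser = f[3]
      if (f[1] == "group") {                 # owning group or named group
        g = (f[2] == "") ? ogroup : f[2]
        if (g in ing) { k++; gp[k] = f[3]; gn[k] = "group:" g }
      }
    }
    END {
      if (u == owner)  { say(rw(uobj, ""), "owner"); exit }
      if (nuser != "") { say(rw(nuser, mask), "user:" u); exit }
      for (i = 1; i <= k; i++) if (rw(gp[i], mask)) { say(1, gn[i]); exit }
      if (k > 0) { say(0, "group"); exit }   # a group matched but none grants rw
      say(rw(other, ""), "other")
    }'
}

# Live use: getfacl /dev/dsp 2>/dev/null | acl_rw newuser "$(id -Gn newuser)"
printf '%s\n' "$SAMPLE_ACL" | acl_rw newuser "newuser"
```

With the constructed sample, the account reached via "su - newuser" falls through to the "other" entry and is denied, while the session account is allowed by its named-user entry.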



(c) 1994,  bbs@darkrealms.ca