home bbs files messages ]

Forums before death by AOL, social media and spammers... "We can't have nice things"

   alt.os.linux.mandriva      Somewhat decent but also getting bloated      29,919 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 29,650 of 29,919   
   Aragorn to All   
   Re: X.11-GDM-KDE, how can not-logged-in    
   05 Nov 14 13:46:00   
   
   From: thorongil@telenet.be.invalid   
      
   On Wednesday 05 November 2014 12:29, Markus R. Keßler conveyed the   
   following to alt.os.linux.mandriva...   
      
   > Aragorn wrote:   
   >   
   >> On Wednesday 05 November 2014 07:57, Markus R. Keßler conveyed the   
   >> following to alt.os.linux.mandriva...   
   >>>   
   >>> for security purposes, I usually distinguish between higher and   
   >>> lower risk users in Mandriva (and SuSE also).   
   >>>   
   >>> I log in into X.11 / GDM / KDE as the user who needs maximum rights,   
   >>> and other users which I need for firefox with flash contents (for   
   >>> webbased learning, video conferences etc) are just logged in via   
   >>> shell window and "su - newuser" and then starting firefox or opera   
   >>> under that user.   
   >>>   
   >>> This works fine and any attack would run only with very limited user   
   >>> rights, but in this case I cannot access /dev/dsp etc from this new   
   >>> user.   
   >>   
   >> What are the permissions on /dev/dsp, /dev/video, et al?   
   >   
   > [668 dimke@ansgar ~]$ ll /dev/dsp   
   > crw-rw----+ 1 root audio 14, 3 2014-11-05 07:26 /dev/dsp   
   >   
   > [669 dimke@ansgar ~]$ ll /dev/video0   
   > crw-rw----+ 1 root video 81, 0 2014-11-05 12:26 /dev/video0   
   >   
   > [670 dimke@ansgar ~]$ /usr/bin/getfacl /dev/dsp   
   > getfacl: Removing leading '/' from absolute path names   
   > # file: dev/dsp   
   > # owner: root   
   > # group: audio   
   > user::rw-   
   > user:dimke:rw-   
   > group::rw-   
   > mask::rw-   
   > other::---   
   >   
   > [671 dimke@ansgar ~]$ /usr/bin/getfacl /dev/video0   
   > getfacl: Removing leading '/' from absolute path names   
   > # file: dev/video0   
   > # owner: root   
   > # group: video   
   > user::rw-   
   > user:dimke:rw-   
   > group::rw-   
   > mask::rw-   
   > other::---   
      
   In that case, add your other user accounts to the audio and video   
   groups, and it should work.  Mind you, you may need to log out those   
   particular other user accounts and log back in [*] before the chances   
   will take effect.   
      
   [*] By this I mean:   
      
       $ exit   
      
       ... or hit Ctrl+D, and then...   
      
       $ su - other_user   
      
       ... again.   
      
   --   
   = Aragorn =   
      
            http://www.linuxcounter.net - registrant #223157   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca