On Tue, Jul 13, 2004 at 06:11:57PM +0200, Ludovic Rousseau wrote:
> On Monday 12 July 2004 at 01:18:32, Matt Zimmerman wrote:
> > However, I do question the need for this mechanism...isn't it simpler to
> > require that users be added to the dialout group? That is its purpose.
>
> I discussed this possibility in bug #205125.
>
> If the user belongs to the group dialout he will also have access to the
> other serial ports. Maybe that's too permissive and considered as a
> (grave) security problem.
>
> Another solution is to create a "pda" group and change the group of the
> serial device. But you will have a problem if you connect something else
> on the serial port (like a modem).
>
> Do we (Debian) have a policy on how to manage access rights on the
> serial ports, and not just for modem access?

Yes, refer to the base-passwd documentation.

dialout
    Full and direct access to serial ports. Members of this group can
    reconfigure the modem, dial anywhere, etc.

--
- mdz