Re: apm suspend broken ?

Stephen Rothwell (sfr@canb.auug.org.au)
Thu, 1 Nov 2001 01:28:36 +1100


Hi Thomas,

On 30 Oct 2001 11:18:17 -0500 Thomas Hood <jdthood@mail.com> wrote:
>
> If we were to use the write permission bit to control
> access, then it would not be necessary for the apm
> command to be setuid root to give the non-root user
> the ability to suspend the machine. Instead we could
> chgrp apm /dev/apm_bios
> chmod g+w /dev/apm_bios
> and add the trusted user to the 'apm' group.
>
> Am I missing something here?

No, you are not missing anything and I did consider the other part of your
patch, but was not brave enough to apply it when the kernel was "frozen".
However, the freeze lasted much longer than I expected :-)

I guess the original intention was that we would be able to add
capablilites to executable (much as we add setuid bits) and to users, but
that also seems to have taken a while to emerge. I think, though, that I
have seen a PAM module for adding capabilities to users at login time.

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/