Installation guide
Chapter 17. Console Access 161
17.5. Making Files Accessible From the Console
In /etc/security/console.perms, there is a section with lines like:
floppy =/dev/fd[0-1]* \
/dev/floppy/*
sound =/dev/dsp* /dev/audio* /dev/midi* \
/dev/mixer* /dev/sequencer \
/dev/sound/*
cdrom =/dev/cdrom* /dev/cdwriter*
You can add your own lines to this section, if necessary. Make sure that any lines you add
refer to the appropriate device. For example, you could add the following line:
scanner =/dev/scanner
(Of course, make sure that /dev/scanner is really your scanner and not, say, your hard
drive.)
That’s the first step. The second step is to define what is done with those files. Look in the
last section of /etc/security/console.perms for lines similar to:
console 0660 floppy 0660 root.floppy
console 0600 sound 0640 root
console 0600 cdrom 0600 root.disk
and add a line like:
console 0600 scanner 0600 root
Then, when you log in at the console, you will be given ownership of the /dev/scanner
device and the permissions will be 0600 (readable and writable by you only). When you log
out, the device will be owned by root and still have 0600 (now: readable and writable by root
only) permissions.
17.6. Enabling Console Access for Other Applications
If you wish to make other applications accessible to console users, you will have to do a bit
more work.
First of all, console access only works for applications which reside in /sbin or /usr/sbin,
so the application that you wish to run must be there. After verifying that, do the following
steps:
1. Create a link from the name of your application, such as our sample foo program, to
the /usr/bin/consolehelper application:
cd /usr/bin
ln -s consolehelper foo
2. Create the file /etc/security/console.apps/foo:
touch /etc/security/console.apps/foo
3. Create a PAM configuration file for the foo service in /etc/pam.d/. An easy way to do
this is to start with a copy of the halt service’s PAM configuration file, and then modify
the file if you want to change the behavior: