Jonathan Woithe <jwoithe@email-addr-hidden> writes:
> Sorry, no homepage yet. Read the enclosed README and manpage for full
> details. In short, a simple text file /etc/set_rtlimits.conf is used to
> configure which users (or groups) can run which programs with elevated
> realtime/nice priorities. The maximum priorities requestable is limited on
> a user+program basis, so a single user or group can have different
> maximum priorities for different programs if this is desired.
Your group support is not very useful, yet, because it only checks the
current group. It would help a lot to also check supplementary group
membership, see: `man getgroups(2)'. That way people who add
themselves to some group like `audio' (for example) can gain realtime
privileges as a side-effect. (There may be a problem with this: I am
not certain that supplementary groups are inherited correctly by
setuid programs.)
Also, the group namespace is separate from the user namespace, so the
config file needs some way to tell group `joq' apart from user `joq'.
I believe PAM uses the `@group' notation to distinguish the two (not
that PAM is a very good example of anything).
-- joqReceived on Mon Jun 6 12:15:07 2005
This archive was generated by hypermail 2.1.8 : Mon Jun 06 2005 - 12:15:07 EEST