PDA

View Full Version : Nvidia Drivers - PAM security in Fedora 3



Sam I Am
16-01-2005, 05:01 PM
Hey Guys,

I've just plonked a gigabyte 6800GT in my machine. I have followed the instructions here (http://fedoranews.org/contributors/stanton_finley/fc3_note/#nVidia). After a bit of mucking around with xorg.conf I have got my desktop back at the size and refreshrate I want.

However (and theres always a however)

If I try to run tuxracer from console as a user I get:


[sam@localhost ~]$ tuxracer
Tux Racer 0.61 -- a Sunspire Studios Production (http://www.sunspirestudios.com)(c) 1999-2000 Jasmin F. Patry <jfpatry@sunspirestudios.com>
"Tux Racer" is a trademark of Jasmin F. Patry
Tux Racer comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to redistribute it under certain conditions.
See http://www.gnu.org/copyleft/gpl.html for details.

Error: Could not open /dev/nvidiactl because the permissions
are too resticitive. Please see the FREQUENTLY ASKED QUESTIONS
section of /usr/share/doc/NVIDIA_GLX-1.0/README for steps
to correct.
Segmentation fault


So following the instructions in the readme I removed the references to dri in /etc/security/console.perms

Then
chmod 0666 /dev/nvidia*
chown root /dev/nvidia*

Tuxracer will now run using the shortcut.

Only problem is, I have to do this everytime I reboot.

Somehow somewhere I get the feelings that permissions are borked but I have no idea where.

Any ideas on how to make these changes permenant?

Chilling_Silence
16-01-2005, 05:48 PM
Im not sure where the file is in Redhat/Fedora but in Gentoo its /etc/conf.d/local.start

Its run each time on boot.

AFAIK in Redhat its in /etc/rc.5/local or /etc/init.d/local

Just put that comment in there


Chill.

vinref
16-01-2005, 05:56 PM
Sounds like you are changing permissions in the wrong file. From memory, Fedora uses the udev mechanism to list only used devices and modules. I had a look at the RedHat site and found this on permission setting on udev (http://fedora.redhat.com/docs/udev/). You may need to edit permissions somewhere in /etc/udev/*

Chilling_Silence
16-01-2005, 06:06 PM
If it uses uDev, then:
echo "nvidia:root:video:0666" >> /etc/udev/permissions.d/50-udev.permissions
echo "nvidia0:root:video:0666" >> /etc/udev/permissions.d/50-udev.permissions
echo "nvidiactl:root:video:0666" >> /etc/udev/permissions.d/50-udev.permissions

Sam I Am
16-01-2005, 08:26 PM
Well thanks for all the suggestions guys. Unfortunately none of them worked but I'll keep hammering away at it.

As a side note. 56.2 FPS in Doom3 on high settings in linux :thumbs:

Jen
16-01-2005, 08:30 PM
So putting in /etc/rc.local these lines at the end does not help?

/bin/chmod 0666 /dev/nvidia*
/bin/chown root /dev/nvidia*

Sam I Am
16-01-2005, 09:20 PM
So putting in /etc/rc.local these lines at the end does not help?

/bin/chmod 0666 /dev/nvidia*
/bin/chown root /dev/nvidia*

Nope. But as soon as I issue these as root in a console it works fine. :illogical

vinref
16-01-2005, 09:22 PM
You cannot put those root commands in your user start-up file. It is never a good idea to have any system-wide commands in a user start-up file. Sam, you have to find the correct file to edit the permissions. That RedHat site I posted did say not to use a certain subfile of the /etc/udev directory.

Sam I Am
16-01-2005, 09:26 PM
You cannot put those root commands in your user start-up file. It is never a good idea to have any system-wide commands in a user start-up file. Sam, you have to find the correct file to edit the permissions. That RedHat site I posted did say not to use a certain subfile of the /etc/udev directory.

I wonder if thats why its not working? Fedora wont run it as its a security risk

Yup which is the one that chill suggested. :eek:

The other suggestion I found involved copying the nvidia files to /etc/udev/devices/ and the altering the permission of that. Tried it. Didnt work. :groan:

Right about now I'm considering using the livna rpms but am erring on the side of caution as livna and freshrpms dont play well togeather.

Zygar
16-01-2005, 09:35 PM
That 6800GT you bought, is that the one with the fancy heatpipe setup? If so, I advise you return it or get an after market fan for it, I was getting temperatures of over 90 degrees under load.

Kame
17-01-2005, 04:23 AM
cp -a /dev/nvidia* /etc/udev/devices/

in the file /etc/udev/permissions.d/50-udev.permissions make the nvidia line:

nvidia*:root:root:0666


Cheers,


Kame

Sam I Am
17-01-2005, 12:10 PM
cp -a /dev/nvidia* /etc/udev/devices/

in the file /etc/udev/permissions.d/50-udev.permissions make the nvidia line:

nvidia*:root:root:0666


Cheers,


Kame

Nope. Sigh. We are all trying to do the same thing in a different way. I may head over to fedora forums and see what they say.

Thanks all for the suggestions

Chilling_Silence
17-01-2005, 01:41 PM
vinref: how is /etc/rc.local a user startup file? IIRC its the file thats run after everything else has been run duing boot?!

Are the devices not being created until after X is being started, in which case that is ineffective issuing that command on boot?

vinref
17-01-2005, 03:03 PM
vinref: how is /etc/rc.local a user startup file? IIRC its the file thats run after everything else has been run duing boot?!

Are the devices not being created until after X is being started, in which case that is ineffective issuing that command on boot?

I am not sure of the correct terminology but yes, /etc/rc.local is the last script to be executed and specific users can place their own commands in it. I call it a "user start-up" file for convenience. The devices are created early, somewhere very soon after the kernel is loaded.

xatzial
17-01-2005, 03:15 PM
I googled and found the following solution:
Create a file named 10-udev.permissions under /etc/udev/permissions.d/
This file should have a single line:
nvidia*:root:root:0666

Save it and from the command line as root:
chown root.root /dev/nvidia*
chmod 0666 /dev/nvidia*

Reboot.
It worked for me.

Chilling_Silence
17-01-2005, 03:36 PM
I am not sure of the correct terminology but yes, /etc/rc.local is the last script to be executed and specific users can place their own commands in it. I call it a "user start-up" file for convenience. The devices are created early, somewhere very soon after the kernel is loaded.

Yes, they can, but it should be chmod 644 meaning root is the only person who can actually WRITE to it, so while it is "user" stuff, technically its "root" or "admin" stuff, because the average "user" with "user" access cant write to the file to add to it!

So yes, thats still a good place to put things you want done on startup, like when I mount --bind /opt/Music /var/www/localhost/htdocs/Music

Sam I Am
18-01-2005, 07:57 AM
I googled and found the following solution:
Create a file named 10-udev.permissions under /etc/udev/permissions.d/
This file should have a single line:
nvidia*:root:root:0666

Save it and from the command line as root:
chown root.root /dev/nvidia*
chmod 0666 /dev/nvidia*

Reboot.
It worked for me.

And we have a winna! :D

Thanks for that.