Enabling Console Access for Other Applications

If you wish to make other applications accessible to console users, you will have to do a bit more work.

First of all, console access only works for applications which reside in /sbin or /usr/sbin, so the application that you wish to run must be there. After verifying that, do the following steps:

  1. Create a link from the name of your application, such as our sample foo program, to the /usr/bin/consolehelper application:

    cd /usr/bin
    ln -s consolehelper foo
  2. Create the file /etc/security/console.apps/foo:

    touch /etc/security/console.apps/foo
  3. Create a PAM configuration file for the foo service in /etc/pam.d/. An easy way to do this is to start with a copy of the halt service's PAM configuration file, and then modify the file if you want to change the behavior:

    cp /etc/pam.d/halt /etc/pam.d/foo

Now, when you run /usr/bin/foo, it will call consolehelper, which will authenticate the user with the help of /usr/sbin/userhelper. To authenticate the user, consolehelper will ask for the user's password if /etc/pam.d/foo is a copy of /etc/pam.d/halt (otherwise, it will do precisely what is specified in /etc/pam.d/foo) and then run /usr/sbin/foo with root permissions.