Re: /dev/kmem: Permission denied

[casper () fwi uva nl (Casper Dik)]

> The thing that I find missing in this discussion is a rationale for
> the change in group ownership.  Having at one time run a script
> supplied by Sun to change the ownership of lots of files because of
> securtity problems in SunOS I am not confident that Sun has well
> thought out reasons for changes such as the one being talked about
> here.

The rationale is not so much one about change but more keeping it
like it was in SVR3.  While SunOS 4.1.x contributed much on
the kernel side of things (VFS, VM system), the SV influence is best
felt in the administrative/user side of things.  There simply
is no group "kmem" in SV.  This is how sys comes to be the
merger of group "kmem" and "operator".  Perhaps it would
have been better to keep the two groups seperate.

As to modes and ownership in Solaris 2.x, yes they leave a lot
to be desired.  SO much, that I specifically wrote a set of
programs to fix all group and world writable files.

(One thing they took from SunOS 4.1.x was the set-gidness of
/usr/kvm/crash, ugh.  This file is also included in each kernel
jumbo patch do it gets its mode restored each patch installation).

After each kernel patch we run the commands (automatically)

installf SUNWkvm /usr/kvm/crash f 755 root sys
installf -f SUNWkvm


Casper