Vulnerability Development mailing list archives
Console owner and device perms changes (Was Re: Window manager - implementation bug/feature ???)
From: darren.moffat () SUNUK UK SUN COM (Darren Moffat)
Date: Thu, 7 Oct 1999 09:49:23 -0700
This is normal behaviour under Red Hat *ONLY* when you log in physically to the machine (i.e. from the console). Red Hat assumes that normal users
Not true Solaris has a similar feature which is enabled by updating /etc/logindevperm. By default in Solaris the user gets access to the mouse, framebuffer and audio devices. Solaris has the removeable media manager (vold/rmmount) so doesn't need to change the permissions on cdrom and floppy devices. This doesn't apply just to mounting data CDs but also for starting your favorite CD player, You can update /etc/rmmount.conf thus: action cdrom action_workman.so <path to>/workman So that it starts up workman (or anything else) when an audio CD is inserted. The workman process will be started as the uid who is the console owner. The other alternative in Solaris if you want a bit more security is to use device allocation (enabled after running bsmconv) so that only one user can access the removable device at anyone time, however this is intended more for tapes that don't need to be mounted rather than cdrom/floppy. If RedHat (or any other OS) is changing the perms on the local device nodes that correspond to hard disks then this is a Bug by anyones definition only the root user should have access to the raw disk devices. -- Darren J Moffat
Current thread:
- Console owner and device perms changes (Was Re: Window manager - implementation bug/feature ???) Darren Moffat (Oct 07)