Vulnerability Development mailing list archives

Console owner and device perms changes (Was Re: Window manager - implementation bug/feature ???)


From: darren.moffat () SUNUK UK SUN COM (Darren Moffat)
Date: Thu, 7 Oct 1999 09:49:23 -0700


> This is normal behaviour under Red Hat *ONLY* when you log in physically
> to the machine (i.e. from the console). Red Hat assumes that normal users

Not true, Solaris has a similar feature which is enabled by updating
/etc/logindevperm.  By default in Solaris the user gets access to
the mouse, framebuffer and audio devices.

Solaris has the removable media manager (vold/rmmount) so doesn't need
to change the permissions on cdrom and floppy devices.  This doesn't
apply just to mounting data CDs but also for starting your favorite CD player.
You can update /etc/rmmount.conf thus:
        action cdrom action_workman.so <path to>/workman
So that it starts up workman (or anything else) when an audio CD is inserted.
The workman process will be started as the uid who is the console owner.

The other alternative in Solaris if you want a bit more security is to
use device allocation (enabled after running bsmconv) so that only one
user can access the removable device at any one time, however this is
intended more for tapes that don't need to be mounted rather than
cdrom/floppy.

If RedHat (or any other OS) is changing the perms on the local device
nodes that correspond to hard disks then this is a Bug by anyone's definition;
only the root user should have access to the raw disk devices.

--
Darren J Moffat
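
An added example, not part of the original message: a small audit that reads /etc/logindevperm-style text and flags any entry that would hand a disk device node to the console owner, the case the message calls a bug. It assumes the three-field layout (console, mode, colon-separated device list) and `#` comments; the sample input is constructed.

```python
# Disk device trees on Solaris; the message's rule is that these stay root-only.
DISK_DIRS = ("/dev/dsk", "/dev/rdsk")

# Constructed sample, not taken from a real system.
SAMPLE = """\
# console      mode    devices
/dev/console    0600    /dev/mouse:/dev/kbd
/dev/console    0600    /dev/sound/*
/dev/console    0600    /dev/fbs/*
/dev/console    0660    /dev/rdsk/c0t6d0s2:/dev/dsk/*
"""

def parse_logindevperm(text):
    """Return [(lineno, console, mode, [devices])] for each entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: expected console, mode, device list")
        console, mode, device_list = fields[:3]
        entries.append((lineno, console, int(mode, 8), device_list.split(":")))
    return entries

def is_disk_path(device):
    """True if the entry names a disk node or a glob inside a disk directory."""
    literal = device.split("*", 1)[0].rstrip("/")
    return any(literal == d or literal.startswith(d + "/") for d in DISK_DIRS)

def audit(text):
    """Return [(lineno, device, mode)] for entries that hand disks to the console owner."""
    return [(lineno, dev, mode)
            for lineno, _console, mode, devices in parse_logindevperm(text)
            for dev in devices if is_disk_path(dev)]

if __name__ == "__main__":
    for lineno, dev, mode in audit(SAMPLE):
        print(f"line {lineno}: {dev} reassigned at login with mode {mode:04o}")
```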


