Re: ownership of target of /dev/cdroms/cdroms0 in devfs
On Tue, 4 Sep 2001 17:37, Richard Gooch wrote:
> > If I then attempt to access the drive, for instance using cdplay, or
> > alteri= ng permissions / ownership of the cdrom* symlinks, and _then_
> > restart devfs= d, then the ownership of
> > /dev/ide/host0/bus1/target0/lun0/cd changes to 'ro= ot:cdrom', and I can
> > read from the drive (as a normal user).
> >
> > If I add the following line to /etc/devfs/perms, then it fixes the
> > problem; REGISTER ^hdc* PERMISSIONS root.cdrom 0660
> >
> > I get the gut feeling that this is the Wrong Way to do this. Can anyone
> > eit= her placate this or advise better ways?
>
> Sounds like you have a Debian system. What you're doing may or may not
> fit in with the Debian way of doing things. I'll let Russell Coker,
> who is the Debian package maintainer for devfsd, reply. I believe he
> is on this list.
OK. The are two differences between the Debian package and the default
devfsd installation in this regard.
One is the /etc/devfs directory and the perms file that is included in the
configuration which has default permissions. I recommend that you add things
to /etc/devfs/conf.d/something instead of changing the perms file, then on
Debian package upgrade if the default perms file has new devices added they
will automatically appear in your configuration (and you will not be bothered
by questions about whether you want to replace the file).
The other change is more significant. The function make_symlink() in
devfsd.c which is called for MKOLDCOMPAT (and presumably MKNEWCOMPAT and
others) will check PERMISSIONS entries for a match on the sym-link name and
chance the permissions of the link target as if it was the subject of the
permissions line. The result of this is that many things "just work" without
any effort. The down-side as you have probably noticed is that removing a
MKOLDCOMPAT entry can have changes to the permissions that are unexpected.
There are already some bug reports in the Debian BTS regarding default
permissions of the IDE device files. I will have to decide what to do, maybe
the following:
REGISTER ^ide/host[0-9]+/bus[0-9]+/target[0-9]+/lun0/cd PERMISSIONS
root.cdrom 640
I would not be about to give write access to a CD burner to anyone other than
root by default...
Also any permissions related configuration directives in /etc/devfs/conf.d/*
will over-ride /etc/devfs/perms (so there's no real need to comment anything
out of /etc/devfs/perms unless you are making permissions more restrictive
and want to avoid race conditions).
I have CC'd this to the debian-user list as I think that other Debian users
will be interested in the discussion.
--
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/ My home page
Reply to: