Re: device file permissions the debian way

To: "H.Haines Brown" <brownh@hartford-hwp.com>, debian-user@lists.debian.org
Subject: Re: device file permissions the debian way
From: Thomas Adam <thomas_adam16@yahoo.com>
Date: Sat, 17 Sep 2005 21:07:37 +0100 (BST)
Message-id: <[🔎] 20050917200737.16336.qmail@web34309.mail.mud.yahoo.com>
In-reply-to: <20050917200135.D6BF7142E@teufel.hartford-hwp.com>

--- Haines Brown <brownh@hartford-hwp.com> wrote:

> This works, but another poster implied this is a security risk. So is
> the "debian way" to change ownership of /dev/hda to root/cdrom and
> put
> user into the cdrom group?

Correct.  No non-root user should ever be in group 'disk' -- instead,
just use 'chgrp' to change the group ownership on the device.

> it was my impression that it automatically uses /dev/dvd. If so, then
> one has to create a /dev/dvd symlink to a hd* interface. But it is
> objected that this is the lesser of evils. Is it a security risk?

No -- it's just a symlink to the actual device.  It's fine, as long as
the necessary and correct ("correct" in terms of the policy you're
enforcing on your system) permissions are there on the device the
symlink points to.

> What
> alternatives are there?

Why should there be any alternatives?

-- Thomas Adam

___________________________________________________________ 
How much free photo storage do you get? Store your holiday 
snaps for FREE with Yahoo! Photos http://uk.photos.yahoo.com

Reply to:

Prev by Date: Re: Overwhelmed newbie
Next by Date: Where to find tcng for debian sarge?
Previous by thread: Re: Overwhelmed newbie
Next by thread: Where to find tcng for debian sarge?
Index(es):
- Date
- Thread