Re: /dev/ttyS? dialin/dialout and modes.
According to Andreas Jellinghaus:
> > Now I see that the bootfloppies have the /dev/ttySx devices owned by
> > root instead of uucp. I think this is a bug, but I don't know how
> > to file a bug report against the disks-i386 directory..
>
> i don't know why they should be owned by uucp ...
Because uucp needs to access the dialout devices without being in
group dialout.
> > Note that UUCP still is an important subsystem, and that currently some
> > parts of it (uucico) are setgid dialout, and so other programs have to
> > be setuid uucp to call uucico etc.
>
> ??? uucico is sgid dialout, so it can access /dev/tty*. no need to
> change owner to uucp...
But that's the point. uucico -shouldn't- be setgid because it wasn't
designed to be setgid. It should also be in group uucp, so that
other programs can call it that are setgid uucp.
> and uucico is also suid uucp, so any program can call it (it doesn't
> need to be also sgid uucp).
No, but other setgid uucp programs should be able to call uucico.
[other convincing reasons not to use uucp:dialout deleted]
> > I've been using /dev/ttyS* exclusively for some time and
> > it seems to work fine (using mgetty for dialin and /etc/mgetty/login.config
> > setup to set the device owner/modes to uucp:dialout 0660. That should
> > be a compiled-in default).
>
> same for me. but i still don't know, whats wrong with tty* owned by
> root. everything works for me...
I'll have to dig into the code of uucico to see how safe it is,
and contemplate on this some more before I can eleborate.
In the mean time, I've filed bug reports against all getty packages
to set the modes to uucp:dialout/0660. While that isn't perfect
if you are right and root:dialout would be better, it is the first
step in the right direction.
Mike.
--
| Miquel van | "I need more space" "Well, why not move to Texas" |
| miquels@cistron.nl | "No, on my account, stupid." "Stupid? Uh-oh.." |
| PGP fingerprint: FE 66 52 4F CD 59 A5 36 7F 39 8B 20 F1 D6 74 02 |
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: