[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: gdm/Gnome/KDE and device permissions

On Wed, 11 Oct 2006 14:12:20 +0200
Gernot Salzer <salzer@logic.at> wrote:
> Don't mechanisms like libpam_devperm grant exclusive access?
> On login the ownership of the devices is set to the console user,
> and only the owner is granted rwx-rights. On logout
> ownership/permissions of the device revert to the old setting.

First, there is no safe way to revoke privileges from a user. If a user
gets access to a certain group he/she can arrange ways to keep it,
even after being logged out (make a suid binary for example).
Second, several people can login at once on different VTs. 

> > Since groups are only set when a user logs in it's not possible to e.g.,
> > add the user to the plugdev group when they plug in a USB stick. You'd
> > have to add them to plugdev when they log in.
> Couldn't a script triggered by udev set ownership/permissions to
> the current console user, like libpam_devperm does?

Why would you want to bring udev in the picture? If you think the scheme 
used by pam_group (and similar) is secure enough for you, you can also grant 
access to the plugdev, netdev and powerdev groups. Note that access control
is not hard coded to plugdev in dbus, you can edit the files in /etc/udev
to have more relaxed access control. Oh, on debian you also need to change
the permissions of p{u,}mount
> How do end-user Linux distributions that are supposed to work out of the box
> (like ubuntu, fedora, suse) solve this problem? World-rwx for all
> user devices? All users added to groups like "audio", "video", ...?

Afaik, fedora has pam_console or something like that does something like
you suggest; give privileges to all users that log in at the console.
Also dbus has some support for this, but this isn't compiled in the
debian version, because of the caveats I outlined above.

> Would it be possible to let all user devices (static or dynamic) be
> owned by group "console" with rwx rights, and add/remove the console
> user dynamically to/from this group on login/logout? This way
> it wouldn't matter whether e.g. the usb stick is plugged in before
> or after login.
> Wouldn't this solve the problem?

As I said, no, it would not solve the problem safely for true multi-user
environments. FWIW, there has been some discussion and ideas floating
around on the HAL and DBus lists. The current consensus is that we need
a secure way for dbus/hal to know what is the current active virtual
terminal and how owns it. For mulit-head systems we need a way to
specify that certain devices (think usb ports) belong to a certain
Nobody has had time to implement it yet however.

grts Tim

Reply to: