[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: New User

On Wed, 2003-05-28 at 23:49, Richard Hector wrote:
> On Wed, May 28, 2003 at 08:47:30PM -0400, Mark L. Kahnt wrote:
> > On Wed, 2003-05-28 at 20:18, Jonathon B. Craw wrote:
> > > 
> > > 1.  Permissions on /dev/mix*  /dev/dsp/*: give yourself read/write access
> > > 	I might do something like chmod a+rw /dev/mix* /dev/dsp*  -- see chmod
> > > 
> > Umm, no...
> > 
> > Also known as "NO! NO! NO!"
> > 
> > Do NOT go mucking around with chmod'ing /dev entries! They are the way
> > they are for a reason.
> > 
> > Instead, do an ls -l of the /dev entries that you need - in this case
> > you are looking at sound so you will likely see something like:
> > 
> > crw-rw----    1 root   audio     14,   3 1969-12-31 19:00 /dev/sound/dsp
> While that's true of audio stuff, can you still recommend the same approach
> (leave it alone) for other devices? IIRC I had to "chgrp scanner /dev/sg0"
> to give myself permission to use my scanner - the alternative is to add
> myself to the root group, which is a bit loose ...
> Is there a reason I shouldn't have done what I did?
> Thanks,
> Richard

Essentially, it is a potential security hole to just go and add
additional permissions to a device, particularly write permissions, but
as well, if you use devfs, my understanding is that such settings don't
carry from one launching of devfs to the next. While sound is not as
large of a risk, it is this practice that would lead to someone deciding
"Well, I have this FAT32 or NTFS partition I want to be able to write to
as a user - I'll just make the device world writeable" and the next
thing you know, the filesystem on the device gets trashed by some
decision to write to the device itself.
ML Kahnt New Markets Consulting
Tel: (613) 531-8684 / (613) 539-0935
Email: kahnt@hosehead.dyndns.org

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: