[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: device file permissions the debian way

> Have you also made the user logout? This is necessary to inherit new
> group membership. Check the output of the `groups' command to be sure.

Jon, that was my problem. My excuse is lack of sleep and too many
pressing distractions, but I should have thought of it anyway. Thanks 
for the instant relief.

However, part of my question remains. By default, all /dev/hd* files
are owned by root/disk. That means that if I leave /dev/hdc with its
660 permission (the debian sarge installation default), I must put
user into the disk group.

This works, but another poster implied this is a security risk. So is
the "debian way" to change ownership of /dev/hda to root/cdrom and put
user into the cdrom group?

"The debian way" seems always to come up in connection with specific
cases, and it would be useful to know what it means in general. For

  1. Leave device interface files at their 660 default permission.

  2. Change the group ownership for the device file to a meaningful
     group defined in /etc/group.

  3. Add users to that group.

gxine allows one to define the device file for cdrom, but not dvd, and
it was my impression that it automatically uses /dev/dvd. If so, then
one has to create a /dev/dvd symlink to a hd* interface. But it is
objected that this is the lesser of evils. Is it a security risk? What
alternatives are there?

(I didn't reply to this last poster because his message showed up in
the newsgroup and not the list. I'm subscribed to both until I find
time to figure out how to gate the list, and until then, I can't reply
to newsgroup messages. Sorry.)

       Haines Brown

Reply to: