[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: group ownership of /dev files

also sprach Derek Martin <code@pizzashack.org> [2006.06.22.2256 +0200]:
> Red Hat has a nice PAM library that lets people access, say, the sound

nice. right.

> devices when they log in on the console.  Thus anyone who logs in
> automatically has access to the sound devices.  However, this facility
> appears to be lacking in Sarge.

by choice, yes.


check out pam_group and /etc/security/group.conf for another
approach, which is not secure (read comments), but a little better.

> Except that Debian seems to have some mechanism which, at boot
> time, resets the group ownership of /dev files.

You are probably using udev which creates them after boot.

dpkg -l udev

> Anyone know how I can make this stop?  Or alternately, know a
> different way to solve this which I have not already discussed?

You could help with modularisation of makedev, which will allow you
to specify policies for device files.

> FWIW, as a long-time system administrator of Unix systems in
> a wide variety of environments, I consider this behavior highly
> undesireable, and would like to suggest to any developers
> listening that they consider changing that behavior.

dpkg -P udev

you get what you ask for. Now if you're not using devfs but a plain
/dev, you should be fine.

df /dev | grep -q '/$' && echo now everything should be okay \
  || echo got work to do

Please do not send copies of list mail to me; I read the list!
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer and author: http://debiansystem.info
`. `'`
  `-  Debian - when you have better things to do than fixing a system
"moderation is a fatal thing. enough is as bad as a meal. more than
 enough is as good as a feast."
                                                        -- oscar wilde

Attachment: signature.asc
Description: Digital signature (GPG/PGP)

Reply to: