[lug] File permissions & groups
RRiggs at doubleclick.net
Tue Mar 12 09:13:29 MST 2002
Red Hat uses PAM's console.perms(5) to set permissions on the devices
themselves to the console user, rather than using setuid root applications.
It's a much safer way to achieve what you want.

I have the following set on my system:

<cdrom>=/dev/cdrom* /dev/cdroms/* /dev/cdwriter* /mnt/cdrom*

lrwxrwxrwx 1 root root 8 Feb 3 20:46 /dev/cdwriter ->

On login, PAM sets the owner on /dev/sg2 to the console owner, which is the
first user to log in on the local console, either on a VT or via X.

P.S. I've thought about giving a 10-minute talk on console.perms, if
anyone's interested. Probably not this month though...

From: Gary Hodges [mailto:Gary.Hodges at noaa.gov]
Sent: Tuesday, March 12, 2002 8:54 AM
To: lug at lug.boulder.co.us
Subject: [lug] File permissions & groups

I'm fairly certain I could run cdrecord and mkisofs as a regular user a
few weeks ago, so I'm guessing an update has changed some permissions.

~>ls -l /usr/bin/mkisofs
-rws--x--- 1 root cdwrite 353084 Aug 8 2001
~>ls -l /usr/bin/cdrecord
-rws--x--- 1 root cdwrite 177852 Aug 8 2001

I've just read a doc on file permissions and if I understand it
correctly, having the SUID bit set should allow a regular user to run
these programs. I've also tried adding myself, the regular user, to the
cdwrite group, but I still can't run these commands. What am I missing?

Gary -- RHL 7.2 with all up2date's

Web Page: http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
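
An added illustration of the console.perms mechanism described in the reply (not code from the post, from PAM or from Red Hat): a small Python parser for a simplified subset of console.perms(5) syntax that reports which mode a device path gets while a console user is logged in and what it reverts to afterwards. Only the `<cdrom>` class line comes from the post; the other sample lines and all function names are constructed for the example.

```python
import fnmatch
import re

# Constructed sample. Only the <cdrom> class line is taken from the post;
# the remaining lines are assumptions written in console.perms(5) syntax.
SAMPLE = """\
<console>=tty[0-9][0-9]* :[0-9]
<cdrom>=/dev/cdrom* /dev/cdroms/* /dev/cdwriter* /mnt/cdrom*
<floppy>=/dev/fd[0-1]*

# <login class> <mode at login> <device class> <mode at logout> <owner.group at logout>
<console> 0600 <cdrom>  0660 root.disk
<console> 0660 <floppy> 0660 root.floppy
"""

CLASS_RE = re.compile(r"^<(\w+)>\s*=\s*(.+)$")
RULE_RE = re.compile(r"^<(\w+)>\s+([0-7]{3,4})\s+<(\w+)>\s+([0-7]{3,4})\s+(\S+)$")

def parse_console_perms(text):
    """Return (classes, rules) for the two line forms handled here."""
    classes, rules = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = CLASS_RE.match(line)
        if m:                                  # class definition: <name>=glob glob ...
            classes[m.group(1)] = m.group(2).split()
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError("unrecognised line: %r" % raw)
        rules.append(dict(zip(
            ("login", "mode", "devices", "revert_mode", "revert_owner"), m.groups())))
    return classes, rules

def console_access(text, path):
    """Return (login mode, revert mode, revert owner) for path, or None."""
    classes, rules = parse_console_perms(text)
    for rule in rules:
        for pattern in classes.get(rule["devices"], []):
            if fnmatch.fnmatchcase(path, pattern):
                return rule["mode"], rule["revert_mode"], rule["revert_owner"]
    return None  # not covered: ownership is never handed to the console user

if __name__ == "__main__":
    for dev in ("/dev/cdwriter", "/dev/fd0", "/dev/hda"):
        print(dev, console_access(SAMPLE, dev))
```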