Mailinglist Archive: opensuse (4054 mails)

Re: [SLE] What is so special on /dev/hda? was how to make device permissions stick?
  • From: "Carlos E. R." <robin1.listas@xxxxxxxxxx>
  • Date: Sun, 22 Jan 2006 16:02:23 +0100 (CET)
  • Message-id: <Pine.LNX.4.61.0601221339530.7148@xxxxxxxxxxxxxxxx>

The Sunday 2006-01-22 at 11:43 +0100, Roger Oberholtzer wrote:

> > In file /etc/logindevperm:
> >
> > :0 0600 /dev/cdrom:/dev/cdrom1:/dev/cdrom2:/dev/cdrom3
>
> How does logindevperms relate to udev and HAL?

It doesn't, or not directly.

HAL:

| 1.1. About
|
| This document concerns the specification of HAL which is a piece of
| software that provides a view of the various hardware attached to a
| system. In addition to this, HAL keeps detailed metadata for each piece of
| hardware and provide hooks such that system- and desktop-level software
| can react to changes in the hardware configuration in order to maintain
| system policy.

So, any piece of hardware is listed by it (try "lshal"). With udev I'm not
familiar, but it serves to create the device files (the /dev tree) on the
fly. I suppose it gets info from hal (hardware abstraction layer?) about
which node to create. What permissions does it use? Dunno.

Looking at it, it is configured in /etc/udev/udev.conf. I see two
interesting entries:

# udev_log - set to "yes" if you want logging, else "no"
udev_log="yes"

# udev_perms - The name and location of the permissions device
udev_devperms="/dev/devperms"

You should have a look at file "/dev/devperms" to see what it has, mine is
empty. Udev is active in my 9.3, but the device nodes are static, I think
(judging by the creation date). Not sure how to know.

Grepping with "mc" in "/etc/udev/" for references to "cdrom" I don't find
permissions references. Looking for "hda" I find two, but I don't think
those are the ones we are looking for:

KERNEL="dos_hda*", NAME="%k", GROUP="disk", MODE="660"

KERNEL="i2o/hda*", NAME="%k", GROUP="disk", MODE="660"



Finally, we have "logindevperm" (man logindevperm):

| NAME
| /etc/logindevperm - configuration file for pam_devperm.so

So it is used by PAM.


> I would guess that if a
> device is already present when you log in, logindevperms will replace
> any udev/HAL settings. If the device gets inserted while logged in, the
> udev/HAL settings are used and not logindevperms.

Not sure of that.

>
> Joy. Another piece of the puzzle.
>
> And, what happens if someone logs in after you while you are logged in?
> login runs as root, so there is nothing stopping it from claiming the
> device for the new login. Meaning that any changes made by the first
> person would be set to logindevperms when the second person logs in.

No, the permissions do not change, the first user keeps control.


> I guess the first item on each logindevperms line allows a bit of
> control over this. But I would be happy to fully understand the interaction
> with udev/HAL. The default logindevperms explains why you only get the
> device settings when you log in as the first GUI login on the console,
> as only that is defined in the default SUSE logindevperms.

It doesn't matter if you log in X or in the console, as long as it is a
local one. Or it did not when I looked at this some time ago, I might be
mistaken.

>
> Anyway, thanks for the pointer to logindevperms. It is now on the radar.
> Too bad it still does not explain why /dev/ttyS0 is set to rw access
> only for the current login. I have not traced who does that.

The /dev/ttyS0 is symlinked to /dev/modem: look for this one in those
configuration files and you will find it.

I will shove more clutter on your radar: have a look at /etc/resmgr.conf
as well :-P


Anyway, just try to modify the cdrom line in logindevperm, and find out if
it solves your issue. Or, comment it out, and find out if it stays put.

- --
Cheers,
Carlos Robinson

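Added example, not part of the original message: a small Python sketch that parses the three-field layout seen in the /etc/logindevperm line quoted in the mail and reports which entries cover a device, including through a symlink alias such as /dev/modem. The sample file content, the treatment of "#" as a comment marker and all function names are assumptions.

```python
import os

# Constructed sample in the three-field layout of the line quoted in the mail:
#   <console> <octal mode> <colon-separated device list>
# The /dev/modem entry and "#" comment handling are assumptions.
SAMPLE = """\
# constructed sample, not a shipped SUSE file
:0 0600 /dev/cdrom:/dev/cdrom1:/dev/cdrom2:/dev/cdrom3
:0 0600 /dev/modem
"""


def parse_logindevperm(text):
    """Return a list of (console, mode, [devices]) tuples."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) != 3:
            continue  # blank, comment-only or malformed line
        console, mode, devlist = fields
        try:
            mode = int(mode, 8)
        except ValueError:
            continue  # mode is not octal: skip rather than guess
        entries.append((console, mode, [d for d in devlist.split(":") if d]))
    return entries


def claims_for(device, entries, resolve=os.path.realpath):
    """Entries covering `device`, by name or through a symlink alias."""
    target = resolve(device)
    return [(console, mode, dev)
            for console, mode, devices in entries
            for dev in devices
            if dev == device or resolve(dev) == target]


def report(device, path="/etc/logindevperm"):
    """Print the node's current owner and mode, then the entries claiming it."""
    st = os.stat(device)
    print(f"{device}: uid={st.st_uid} gid={st.st_gid} mode={st.st_mode & 0o7777:04o}")
    with open(path) as fh:
        for console, mode, dev in claims_for(device, parse_logindevperm(fh.read())):
            print(f"  listed as {dev} for console {console}, mode {mode:04o}")


if __name__ == "__main__":
    print(claims_for("/dev/cdrom", parse_logindevperm(SAMPLE)))
```

On a real system, `report("/dev/ttyS0")` prints the node's current owner and mode next to any logindevperm entry that reaches it by name or via a symlink.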

