Thread: automatic setting of permission bits on device files

  1. #1
    Join Date
    Apr 2013
    Beans
    3

    automatic setting of permission bits on device files

    I'm using xubuntu 12.04, and I notice that periodically, the permissions
    on some device special files are changed. For instance, if I manually
    change the permissions on /dev/sdc to 666, they will eventually get
    changed back to 660. How do I disable this behavior? I looked around
    in the various cron-related configuration files under /etc, and also in the
    scripts in /etc/init.d, and didn't see anything that looked like it might be
    changing permissions in /dev.

  2. #2
    Join Date
    Aug 2009
    Beans
    Hidden!

    Re: automatic setting of permission bits on device files

    It may be PAM (/etc/security/*) or Udev (/etc/udev/rules*/), but regardless of what could be causing it, weakening OS security by changing any access rights to 777 or 666 is ill-advised.
    Simply put, it isn't a problem with the OS or the distribution but IMHO a problem with understanding how discretionary access controls (should) work.

  3. #3
    Join Date
    May 2010
    Location
    Tewkesbury uk
    Beans
    7,916
    Distro
    Ubuntu Development Release

    Re: automatic setting of permission bits on device files

    Hi

    Originally Posted by dspeterson:
        if I manually
        change the permissions on /dev/sdc to 666, they will eventually get
        changed back to 660.

    Which device files are you changing and why?

    Originally Posted by unspawn:
        but IMHO a problem with understanding how discretionary access controls (should) work.

    Agreed.

    @OP: What are you trying to achieve by changing the access controls on device files?

    Kind regards
    If you believe everything you read, you better not read. ~ Japanese Proverb

    If you don't read the newspaper, you're uninformed. If you read the newspaper, you're mis-informed. - Mark Twain

  4. #4
    Join Date
    Apr 2013
    Beans
    3

    Re: automatic setting of permission bits on device files

    Originally Posted by matt_symes:
        Hi
        Which device files are you changing and why?

        Agreed.

        @OP: What are you trying to achieve by changing the access controls on device files?
        Kind regards

    I'm just changing /dev/sdc. It's on a development VM which is used only by me. /dev/sdc
    is a virtual disk I created for use by a daemon I'm working on, which is running without root
    privileges and needs access to the entire block device. In this case, the security of the
    data on /dev/sdc isn't a concern.

    I suspect udev may be causing the observed behavior. I created a file
    /etc/udev/rules.d/10-local.rules that contains the following line:

    KERNEL=="sdc", MODE="0666"

    Hopefully this will produce the desired behavior.

  5. #5
    Join Date
    May 2010
    Location
    Tewkesbury uk
    Beans
    7,916
    Distro
    Ubuntu Development Release

    Re: automatic setting of permission bits on device files

    Hi

    I still don't really understand what you are trying to do; however, world-writable permissions are really not the way to do it.

    You could make the daemon run under its own user and group and make the device node created by udev be owned by that user or group.

    I haven't read through all of it but I think this gives the general idea.

    http://www.weather-watch.com/smf/ind...?topic=39257.0

    You also have ACL you may be able to use.

    Kind regards
    Last edited by matt_symes; April 8th, 2013 at 09:49 PM.

  6. #6
    Join Date
    Apr 2013
    Beans
    3

    Re: automatic setting of permission bits on device files

    Yes, I know that in general world-writable permissions are a bad thing. However
    this is just in a development VM where I'm making code changes to a daemon
    that accesses the block device. Since the VM is used only by me for
    development purposes, I'm not concerned about permissions on the block
    device. I'm just trying to set things up as simply as possible for development,
    so I can quickly iterate on code changes without having to run the daemon
    under its own user or group each time I want to test my code changes.
    Creating the above-mentioned /etc/udev/rules.d/10-local.rules file appears to
    have worked, so it looks like I'm all set.

    Thanks,
    Dave
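
A local rule like the one in post #4 can be checked for two things before it is installed: that device-matching keys use a comparison operator, and that MODE does not grant world write. The Python check below is an added example, not code from anyone in the thread; the sample rules are constructed, and the group name blockdaemon is a hypothetical stand-in for the dedicated group suggested in post #5.

```python
import re

# One udev key/value pair: KEY or KEY{attr}, an operator, a quoted value.
PAIR = re.compile(r'([A-Z_]+(?:\{[^}]*\})?)\s*(==|!=|\+=|:=|=)\s*"([^"]*)"')
# Keys that only select devices; udev rejects them with an assignment operator.
MATCH_ONLY = {"KERNEL", "SUBSYSTEM", "DRIVER", "ACTION", "DEVPATH"}

def lint_rule(line):
    """Return findings for a single udev rule line."""
    findings = []
    for key, op, value in PAIR.findall(line):
        base = key.split("{")[0]
        if base in MATCH_ONLY and op not in ("==", "!="):
            findings.append(f'{key}{op}"{value}": match key needs == or !=')
        if base == "MODE" and op in ("=", ":="):
            try:
                mode = int(value, 8)
            except ValueError:
                findings.append(f'MODE "{value}" is not an octal mode')
                continue
            if mode & 0o002:
                findings.append(f"MODE {value}: device node is world-writable")
    return findings

def lint_rules(text):
    """Map 1-based line numbers to findings, skipping comments and blanks."""
    report = {}
    for number, line in enumerate(text.splitlines(), start=1):
        if line.strip() and not line.lstrip().startswith("#"):
            found = lint_rule(line)
            if found:
                report[number] = found
    return report

# Constructed sample rules file (not taken from the thread).
SAMPLE_RULES = '''\
# local rules for the development disk
KERNEL="sdc", MODE="0666"
KERNEL=="sdc", MODE="0666"
KERNEL=="sdc", GROUP="blockdaemon", MODE="0660"
'''

if __name__ == "__main__":
    for number, found in lint_rules(SAMPLE_RULES).items():
        for finding in found:
            print(f"line {number}: {finding}")
```

Only the last sample rule passes cleanly: the node stays 0660 and access is granted through group membership rather than to every local user.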

