[H-GEN] Changing permissions on /dev files

Martin Pool mbp at wistful.humbug.org.au
Tue Oct 13 20:44:44 EDT 1998


On Wed, Oct 14, 1998 at 10:32:13AM +1000, David Wood wrote:

> We're running tripwire on a few machines, and it occasionally reports
> changing ownership and permissions on files in /dev.  For example, one
> report might read:
> 
> changed: crw------- pppuser         0 Oct 12 15:56:10 1998 /dev/ttyS1
> 
> and the next day's report might read:
> 
> changed: crw------- root            0 Oct 12 15:56:10 1998 /dev/ttyS1
> 
> Can anyone please tell me,
> 
> a)  Is this expected behavior?
> b)  What process is changing the ownership and permissions? and
> c)  Why??

Yes, tty flags are expected to change.  The privileged program that
gives access to the device changes the permissions when it starts the
program that uses it, because once that tty is assigned to a
particular user/daemon nobody else ought to be able to use it.

So, login(8) (I think) changes ttys to be owned by the person logged
in, and presumably one of the ppp scripts does the same.

write(1) and mesg(1) and company take advantage of this to allow or
deny other people access to your terminals:

mbp at wistful/p2 diss$ ls -l `tty`
crw--w--w-   1 mbp      mbp        3,   2 Oct 14 10:39 /dev/ttyp2
mbp at wistful/p2 diss$ mesg n
mbp at wistful/p2 diss$ ls -l `tty`
crw-------   1 mbp      mbp        3,   2 Oct 14 10:40 /dev/ttyp2

A paranoid sysadmin might make their monitoring scripts check that the
dialout lines are owned by root or pppuser but nobody else, if your
site policy is that normal users can't use the modems directly.

RPM knows to ignore ownership and permissions of dev files, but to
check everything else.  I don't remember if that's possible with
tripwire.

> Could this have something to do with a device being locked while it is
> in use (e.g. for a modem)?

Kind of.  It prevents anybody but pppuser from writing to the device
(and peeking at the data stream), but ppp will have to do its own
locking to make sure _it_ doesn't try to open it from two
uncoordinated processes.

Elegant, is it not?

-- 
Martin Pool

Every day, computers are making people easier to use
		-- Steve Edberg

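An added example, not from the thread or its authors: a small POSIX sh check along the lines Martin suggests, flagging dialout ttys whose owner is not root or pppuser or whose mode grants any group/other access. The owner name pppuser and the /dev/ttyS* naming are taken from the thread; the policy itself and the script name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread: check that dialout ttys are
# owned only by root or pppuser and carry no group/other permission bits.
# "pppuser" and /dev/ttyS* come from the thread; the site policy is assumed.
ALLOWED_OWNERS="root pppuser"

# check_dev_line "<one line of ls -l output>"
# Returns 0 when the line satisfies policy, 1 when it does not (printing an
# ALERT line saying why). Non-device entries are skipped with status 0.
check_dev_line() {
    line=$1
    set -- $line            # split into fields: mode links owner group ...
    mode=$1
    owner=$3
    eval "path=\${$#}"      # path is the last field (device lines hold "maj, min")
    case "$mode" in
        c*) ;;
        *)  echo "SKIP $path: not a character device"; return 0 ;;
    esac
    ok=1
    for o in $ALLOWED_OWNERS; do
        [ "$owner" = "$o" ] && ok=0
    done
    if [ "$ok" -ne 0 ]; then
        echo "ALERT $path: owned by $owner, expected one of: $ALLOWED_OWNERS"
        return 1
    fi
    # mode string is type + rwx for user, group, other; drop type and user bits
    rest=${mode#????}
    if [ "$rest" != "------" ]; then
        echo "ALERT $path: group/other access permitted ($mode)"
        return 1
    fi
    return 0
}

# check_dialout_lines: read ls -l output on stdin, return 1 if any line fails.
check_dialout_lines() {
    status=0
    while IFS= read -r l; do
        check_dev_line "$l" || status=1
    done
    return $status
}

# Usage: sh check_ttys.sh /dev/ttyS*   (no arguments: only define the functions)
if [ "$#" -gt 0 ]; then
    ls -ld "$@" | check_dialout_lines
fi
```

A non-zero exit from the script is the signal for the monitoring job; run it from cron alongside tripwire so the owner-change reports can be read against the intended policy.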