[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ownership of devices



On Thu, 26 Aug 1999, Stephen wrote:

>To some extent it _should_ block other users. I don't know what you
>use your sound card for, but one of my correspondents doesn't type
>anymore due to RSI-like symptoms. I do not want one of the other
>users privileged to log on my machine starting up a Stones CD in the
>middle of reading a thread containing Ben's mail. Also, when you
>write terminal do you mean virtual console on the same machine?

Yup the latter.

>I
>would not want remote users (telnet, say) playing with my sound card.
>(Think about it: do you have a mike attached? Do you ever say nasty
>or salacious things about anybody near that mike?) In that situation
>I would use xdm to manage the X display; then you have to logout.
>(The scripts may still be broken, and may not take notice of the
>logout.)

I don't have any such security concerns :-)
Anyhow it seems that if martin logs on one console then he grabs all
the devices I mentioned before. Now if jacqui logs on on another
console then she will get the devices corresponding to that console
but she doesn't reclaim the sound,floppy,cd etc. So sound at least is broken
for jacqui unless martin logs out before jacqui logs in.

Personally I like to login just once and not have to keep logging in and out all
the time so I find this quite annoying. I take your point that this way of
doing things has some security advantages but from my point of view these gains
are not worth the extra inconvenience of having to log out all the time. After
all my only other user is jacqui and she knows the root password anyhow.

>If the wrapper is correctly designed (see the docs for super(1) or
>tcp-wrappers = tcpd(8)), then it should release the devices when no
>longer needed. This of course is a tough decision if you leave your
>MUA running all day as I do.

Strangely although martin owns the floppy device this doesn't seem to stop
jacqui reading and writing to it. So that isn't broken. It just seems to be the
sound that doesn't play well, if you excuse the pun.

>The real solution for this is a network-ready audio daemon like NAS.

Does that work at the X-level?
If I got the ownership of the devices when I started x and the lost them on
quitting x that would be OK as I am only going to run one Xsession at a time
but I might have several consoles at a time.

>
>Dunno if ESounD is up to all that; it might be a more modern
>alternative.

It seemed to be equally confused when I fooled around with it the other day.

> Martin> I also found that when I recompiled the kernel (sued from
> Martin> martin) and as is my custom used the mkbootdisk command to
> Martin> make the first stage of a rescue set it barfed. Presumably
> Martin> again because of the owner of floppy was martin.
>
>Did you umount the floppy? If you were su to root, you should be able
>to do anything, but if the floppy was still in the mount table, you're
>hosed even if you're root.

It was a while ago but I think you're right I most probably mounted the
floppy and forgot to unmount it, noticed that mkbootdisk it didn't work and
then when I later noticed something odd with the devs and so I just added it
to my grievance list :-)

>And my
>personal user is logged in whenever I'm there, other users come and go
>as I need them, which sounds like a very different MO from yours.

Exactly the same, I think.

>But Debian unstable has been far more reliable than any RedHat
>distribution (4.0, 4.1 Sparc, 4.2, 5.1) or TurboLinux distribution
>(various pre-3.0 Japanese betas) I've used.

Well I may give it a go when I play at home networking (when funds permit).

atb
Martin
--
http://www.shef.ac.uk/~pm1mph

Start your own FREE mailing list at

© 2000 Microsoft Corporation. All Rights Reserved