[Techtalk] Changing ownership of devices

Maria Blackmore mariab at cats.meow.at
Thu Sep 11 14:34:12 EST 2003


On Wed, 10 Sep 2003 jas at spamcop.net wrote:
> > This seems very bizarre to me, the device should never be owned by anyone
> > other than root.
> 
> RedHat takes a slightly different approach: I/O peripherals like that should be
> owned by whoever is at the console. If user 'maria' logs in at the console
> (including X) then maria gets ownership of these devices; when she logs out,
> ownership is returned to root.

err .. that seems dumb

What if there are multiple people logged in at the console?  Who gets the
ownership then?

> The problem with this (and presumably the reason RedHat don't do it)
> is that members of this group then have access to devices being used
> by other members of the group. If we're both authorized scanner users,
> I can then read whatever you scan in...

At this point, I'd be asking that if what you're scanning is so
confidential, what are you doing scanning it on a multi-user machine?

Of course, as a medium ground, you can just ensure that you are the only
person in the group that owns the scanner, but then no-one else can use it
either.  There's no easy way around this, but I've got to say that I
really don't like the look of Redhat's solution.  It might fix one
problem, and avoid a possible security issue, but it gives rise to other
issues too.

Maria
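
The trade-off discussed in this thread, as an added example that is not part of the original message: a small Python model of the classic Unix owner/group/other check, showing which users can read a device node under each arrangement mentioned. The `guest` account, the `scanner` group name, the per-user groups and the modes are constructed for illustration.

```python
import stat
from collections import namedtuple

# Constructed model of a device node and of the accounts on the machine.
Node = namedtuple("Node", "owner group mode")
User = namedtuple("User", "name groups")

def can_read(user, node):
    """Classic Unix check: the first matching class (owner, group, other) decides."""
    if user.name == "root":
        return True
    if user.name == node.owner:
        return bool(node.mode & stat.S_IRUSR)
    if node.group in user.groups:
        return bool(node.mode & stat.S_IRGRP)
    return bool(node.mode & stat.S_IROTH)

def readers(node, users):
    """Names of the non-root users who can open the node for reading."""
    return sorted(u.name for u in users if u.name != "root" and can_read(u, node))

# Constructed accounts: maria and jas are both authorized scanner users.
USERS = [User("maria", {"maria", "scanner"}),
         User("jas", {"jas", "scanner"}),
         User("guest", {"guest"})]

# The arrangements discussed in the thread (owners, groups and modes are assumptions).
POLICIES = {
    "root only":        Node("root", "root", 0o600),
    "console owner":    Node("maria", "root", 0o600),    # maria is at the console
    "scanner group":    Node("root", "scanner", 0o660),  # every group member can read
    "one-member group": Node("root", "maria", 0o660),    # group containing only maria
}

def exposure():
    """Map each arrangement to the non-root users who can read the device."""
    return {name: readers(node, USERS) for name, node in POLICIES.items()}

if __name__ == "__main__":
    for name, who in exposure().items():
        print(f"{name:18} readable by: {', '.join(who) or '(root only)'}")
```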


