Subject: Re: pcvt and TIOCCONS
To: None <firstname.lastname@example.org>
From: Gordon W. Ross <email@example.com>
Date: 04/11/1996 11:59:14
> Date: Wed, 10 Apr 1996 17:45:57 -0400
> From: "Perry E. Metzger" <firstname.lastname@example.org>
> David Carrel writes:
> > Works fine for me. Make sure you have read access to /dev/console. (You
> > might need write access too. It's been a while since I set this up.)
> > Under pcvt, you will log in on /dev/ttyv0 and only that will get chowned to
> > you.
> Ah, that totally explains the problem -- no access to /dev/console
> because it isn't the login tty.
> Anyone have any ideas how this should be done "right" if you are using
> pcvt? The problem is that you don't want to just change the
> permissions permanently on /dev/console; you want them to remain the
> same as the permissions on /dev/ttyv0. Under pccons this isn't an
This is another manifestation of the "related devices" problem.
When one logs in on the "workstation" device i.e. /dev/ttyv0 on
the PC, or /dev/kd (keyboard/display) on the Sun3, getty will
set the login tty ownership to the login UID, but there are
related devices that also need their ownership set. Examples:
ownership of /dev/kd implies ownership of:
/dev/fb (the frame-buffer device)
/dev/kbd (raw keyboard interface for X)
ownership of /dev/ttyv0 implies ownership of
For both machines, if the login device is also where /dev/console
points, then /dev/console could be treated as a "related device"
also, but I'm not sure that is correct from a security standpoint.
CGD suggested that we implement something like the /etc/fbtab
feature from SunOS (but with more generality). Here is how it
might work. The file /etc/ttygroup (or whatever name you like)
would contain the following fields:
login_tty modes related_device #comments
Sample contents of this file for the Sun3 would be:
/dev/kd 0600 /dev/kbd
/dev/kd 0600 /dev/mouse
/dev/kd 0620 /dev/fb
/dev/kd 0620 /dev/bwtwo0
/dev/kd 0620 /dev/bwtwo1
/dev/kd 0620 /dev/cgtwo0
/dev/kd 0620 /dev/cgthree0
/dev/kd 0620 /dev/cgfour0
/dev/kd 0622 /dev/console #ONLY if console is on "kd"
The above file would be processed by login and getty as follows:
When login authenticates user $UID and has done a chown of the
login tty, it then scans the /etc/ttygroup file for lines with
a matching $login_tty field. For each match, it should do
chown and chmod calls equivalent to:
chown $UID $related_device
chmod $modes $related_device
Similarly, after a logout, when getty is started on a tty line,
it will scan /etc/ttygroup for lines match the login_tty and will
do chown and chmod calls equivalent to:
chown 0600 $related_device
chown root $related_device
(Maybe a revoke(2) call as well?)
So, that's how I think it should work. Does this sound OK?
Are there any volunteers to make login and getty do this?