Subject: Changing ownership of console devices on console logins
To: None <netbsd-users@netbsd.org>
From: Brian de Alwis <bsd@cs.ubc.ca>
List: netbsd-users
Date: 07/04/2001 16:10:20

I have some boxes running NetBSD as personal workstations.
They have floppies, CD-ROMs, soundcards -- all stuff that should
be usable by the console user. These should be accessible to anybody
who logs in on the console; so adding people to the `operator' group
isn't acceptable. I don't want them to be universally writable for
security reasons. I've set up a script, setup-console (appended below),
to be called through /etc/ttyaction:

# tty action command...
console login /etc/setup-console
ttyE0 login /etc/setup-console

setup-console looks like:

----8<----CUT-HERE----8<----
#!/bin/sh
# Setup environment for console user
# Expected to be executed by ttyaction(3) from login/rlogind/telnetd
# Given env is:
#   TTY=ttyname
#   ACT=action
#   USER=username
#   PATH=_PATH_STDPATH

# The device lists are used unquoted below so that the globs expand.
CDDEVS="/dev/rcd0a /dev/rcd0d /dev/cd0a /dev/cd0d"
FDDEVS="/dev/rfd[0-9][a-g] /dev/fd[0-9][a-g]"
MNTPTS="/floppy /cdrom"
SOUNDDEVS="/dev/sound[0-9] /dev/audio[0-9] /dev/mixer[0-9] /dev/audioctl[0-9]"
MOUSEDEVS="/dev/tty00"
PILOTDEVS="/dev/tty01"

# The user should be able to write messages to the console?
# (owner:group form; the older owner.group form is ambiguous for names with dots)
chown -h ${USER}:tty /dev/console

case $ACT in
login)
    # Hand the devices and mount points to the console user, owner-only access
    chown $USER $CDDEVS $FDDEVS $MNTPTS $SOUNDDEVS $MOUSEDEVS $PILOTDEVS
    chmod 0600 $CDDEVS $FDDEVS $SOUNDDEVS $MOUSEDEVS $PILOTDEVS
    chmod 0711 $MNTPTS
    ;;
*)  # on logout
    # Return everything to its system owner
    chown root:wheel $MNTPTS $CDDEVS $SOUNDDEVS
    chown root:operator $FDDEVS
    chown uucp:wheel $MOUSEDEVS $PILOTDEVS
    chmod 0600 $CDDEVS $FDDEVS $SOUNDDEVS $MOUSEDEVS $PILOTDEVS
    chmod 0711 $MNTPTS
    ;;
esac
----8<----CUT-HERE----8<----

My question: does anybody have something equivalent, or better?
Is there a better way?

--
"Source code in files. How quaint." - Kent Beck
"Maybe this world is another planet's Hell." - Aldous Huxley
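
Added example, not part of the original post: a POSIX sh check for the state setup-console is meant to leave behind, reporting any listed path that is not owned by the expected uid or that grants access to group or other. The function name audit_private, its output format and the demo files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the ownership and mode that a ttyaction hook such as
# setup-console is expected to establish on a set of paths.

# audit_private UID PATH...
# Prints one line per path that is not owned by UID or that has any
# group/other permission bit set. Returns 0 if all paths are clean, else 1.
audit_private() {
    want_uid=$1; shift
    status=0
    for p in "$@"; do
        [ -e "$p" ] || continue      # unmatched glob or absent device
        # -n: numeric ids, -L: judge the node a symlink points to
        info=$(ls -ldnL -- "$p" | awk '{ print substr($1, 1, 10), $3 }')
        mode=${info% *}
        uid=${info#* }
        case $mode in
            ????------) ;;           # owner-only, e.g. crw------- (0600)
            *) echo "MODE  $p $mode"; status=1 ;;
        esac
        if [ "$uid" != "$want_uid" ]; then
            echo "OWNER $p uid=$uid (expected $want_uid)"
            status=1
        fi
    done
    return $status
}

# Constructed demo: regular files stand in for device nodes.
demo=$(mktemp -d)
touch "$demo/cd0a" "$demo/sound0"
chmod 0600 "$demo/cd0a"
chmod 0666 "$demo/sound0"            # deliberately too permissive
audit_private "$(id -u)" "$demo"/* || echo "audit: leftover access found"
rm -rf "$demo"
```

Pass it device nodes only: the mount points are set to 0711 by the script and would be reported as a mode finding.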