Subject: Changing ownership of console devices on console logins
To: None <>
From: Brian de Alwis <>
List: netbsd-users
Date: 07/04/2001 16:10:20
I have some boxes running NetBSD as personal workstations.
They have floppies, CD-ROMs, soundcards -- all stuff that should
be usable by the console user. These should be accessible to anybody
who logs in on the console; so adding people to the `operator' group
isn't acceptable. I don't want them to be universally writable for
security reasons. I've setup a script, setup-console (appended below),
to be called through /etc/ttyaction:

    # tty   action  command...
    console login   /etc/setup-console
    ttyE0   login   /etc/setup-console

setup-console looks like:

# Setup environment for console user
# Expected to be executed by ttyaction(3) from login/rlogind/telnetd
# Given env is:
#           TTY=ttyname
#           ACT=action
#           USER=username
#           PATH=_PATH_STDPATH

CDDEVS="/dev/rcd0a /dev/rcd0d /dev/cd0a /dev/cd0d"
FDDEVS="/dev/rfd[0-9][a-g] /dev/fd[0-9][a-g]"
MNTPTS="/floppy /cdrom"
SOUNDDEVS="/dev/sound[0-9] /dev/audio[0-9] /dev/mixer[0-9] /dev/audioctl[0-9]"

# The user should be able to write messages to the console?
chown -h ${USER}.tty /dev/console

case $ACT in
        chmod 0711 $MNTPTS

*)      # on logout
        chown root.wheel $MNTPTS $CDDEVS $SOUNDDEVS 
        chown root.operator $FDDEVS
        chown uucp.wheel $MOUSEDEVS $PILOTDEVS
        chmod 0711 $MNTPTS

My question: does anybody have something equivalent, or better?
Is there a better way?

"Source code in files. How quaint." - Kent Beck
"Maybe this world is another planet's Hell." - Aldous Huxley