Subject: Re: Changing ownership of console devices on console logins
To: Brian de Alwis <bsd@cs.ubc.ca>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: netbsd-users
Date: 07/05/2001 21:27:14
On Wed, Jul 04, 2001 at 04:10:20PM -0700, Brian de Alwis wrote:
> I have some boxes running NetBSD as personal workstations.
> They have floppies, CD-ROMs, soundcards -- all stuff that should
> be usable by the console user. These should be accessible to anybody
> who logs in on the console; so adding people to the `operator' group
> isn't acceptable. I don't want them to be universally writable for
> security reasons. I've set up a script, setup-console (appended below),
> to be called through /etc/ttyaction:
> 
>     # tty   action  command...
>     console login   /etc/setup-console
>     ttyE0   login   /etc/setup-console
> 
> setup-console looks like:
> 
> ----8<----CUT-HERE----8<----
> #!/bin/sh
> # Setup environment for console user
> # Expected to be executed by ttyaction(3) from login/rlogind/telnetd
> # Given env is:
> #           TTY=ttyname
> #           ACT=action
> #           USER=username
> #           PATH=_PATH_STDPATH
> 
> CDDEVS="/dev/rcd0a /dev/rcd0d /dev/cd0a /dev/cd0d"
> FDDEVS="/dev/rfd[0-9][a-g] /dev/fd[0-9][a-g]"
> MNTPTS="/floppy /cdrom"
> SOUNDDEVS="/dev/sound[0-9] /dev/audio[0-9] /dev/mixer[0-9] /dev/audioctl[0-9]"
> MOUSEDEVS="/dev/tty00"
> PILOTDEVS="/dev/tty01"
> 
> # The user should be able to write messages to the console?
> chown -h ${USER}.tty /dev/console
> 
> case $ACT in
> login)
>         chown $USER $CDDEVS $FDDEVS $MNTPTS $SOUNDDEVS $MOUSEDEVS $PILOTDEVS
>         chmod 0600 $CDDEVS $FDDEVS $SOUNDDEVS $MOUSEDEVS $PILOTDEVS
>         chmod 0711 $MNTPTS
>         ;;
> 
> *)      # on logout
>         chown root.wheel $MNTPTS $CDDEVS $SOUNDDEVS 
>         chown root.operator $FDDEVS
>         chown uucp.wheel $MOUSEDEVS $PILOTDEVS
>         chmod 0600 $CDDEVS $FDDEVS $SOUNDDEVS $MOUSEDEVS $PILOTDEVS
>         chmod 0711 $MNTPTS
>         ;;
> esac
> ----8<----CUT-HERE----8<----
> 
> My question: does anybody have something equivalent, or better?
> Is there a better way?

I've done things like this on some machine, but not with a script as complex
as yours :) I just call chown from ttyaction.

I don't think there is a better way.

--
Manuel Bouyer <bouyer@antioche.eu.org>
--
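
The approach discussed in this thread, as an added example that is not code from either poster: a ttyaction hook that checks USER before passing it to chown, touches only real device nodes (unmatched globs and symlinks are skipped), and revokes access on any action other than login. The names DRYRUN, DEVS, run, valid_user, apply_owner and console_hook are made up for this sketch, and restoring everything to root on logout is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. ttyaction supplies TTY, ACT and USER.
# Hypothetical names: DRYRUN, DEVS, run, valid_user, apply_owner, console_hook.
# Assumption: every device goes back to root on logout (the posted script
# restores several different owners).

DEVS=${DEVS:-"/dev/rcd0a /dev/cd0a /dev/rfd[0-9][a-g] /dev/fd[0-9][a-g] /dev/audio[0-9]"}

# run CMD...: execute the command, or only print it when DRYRUN=1.
run() {
    if [ "${DRYRUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# valid_user NAME: accept only conservative login names, so a value such as
# "root.wheel" or "-R" cannot be read by chown as an owner.group pair or option.
valid_user() {
    case $1 in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# apply_owner OWNER MODE PATH...: chown and chmod device nodes only.
apply_owner() {
    owner=$1 mode=$2; shift 2
    for dev in "$@"; do
        # Skip symlinks, unmatched glob patterns and non-device files.
        [ -L "$dev" ] && continue
        [ -c "$dev" ] || [ -b "$dev" ] || continue
        run chown "$owner" "$dev"
        run chmod "$mode" "$dev"
    done
}

# console_hook ACTION USER: grant on login, revoke on anything else.
console_hook() {
    case $1 in
    login)
        valid_user "$2" || { echo "setup-console: bad USER" >&2; return 1; }
        apply_owner "$2" 0600 $DEVS ;;   # unquoted so the globs expand
    *)  apply_owner root 0600 $DEVS ;;
    esac
}

# Run only when invoked with ACT set, as ttyaction does.
if [ -n "${ACT:-}" ]; then console_hook "$ACT" "${USER:-}"; fi
```

Setting DRYRUN=1 prints the chown and chmod commands instead of running them, which allows checking the device list on a machine before wiring the script into /etc/ttyaction.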