I was coming from the other perspective that perhaps the permissions
were 000, not 600.  As it turns out, Betsie wasn't prefacing her command
with "sudo" which was why it wasn't working.

And, I agree with your warnings about giving access to CP commands.  If
you're not careful which ones can be executed, then the whole guest is
at risk.  If the guest has more than class G privileges, it would put VM
itself at risk.  Hopefully no one is doing that, and combining the two
setups.


Mark Post

-----Original Message-----
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of
Martin Schwidefsky
Sent: Friday, October 20, 2006 4:45 AM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: CP commands through a Web interface

On Thu, 2006-10-19 at 16:57 -0400, Post, Mark K wrote:
> What are the permissions on /dev/vmcp?

Even if you set the permission of /dev/vmcp to allow normal users to
access the device, it won't allow the user to execute cp commands. There
is an additional CAP_SYS_ADMIN check in the vmcp_open function.
The reason is that a user that can execute cp commands owns the machine,
with strategically placed vmcp "STORE <addr> <data>" calls you change
any code in the kernel. So you better make sure that nobody who is not
trusted can get control to issue arbitrary cp commands. That is
especially true if you use vmcp in a web interface. It sounds like a
very dangerous thing to do.

--
blue skies,
  Martin.

Martin Schwidefsky
Linux for zSeries Development & Services
IBM Deutschland Entwicklung GmbH

"Reality continues to ruin my life." - Calvin.

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
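
The warnings in both messages about which CP commands a web interface may execute, shown as an added example that is not part of either message and not code from the vmcp driver or s390-tools: a gate that only forwards exact, fully spelled command lines from a fixed allowlist. The allowlist contents, the length limit and the function names are assumptions for illustration; the process that finally runs vmcp still needs the privilege discussed above.

```python
import string
import subprocess

# Assumption: the complete command lines this hypothetical site permits.
# Full spelling only, no abbreviations, no caller-supplied operands.
ALLOWED_CP_COMMANDS = frozenset({
    "QUERY USERID",
    "QUERY CPLEVEL",
    "QUERY VIRTUAL STORAGE",
    "INDICATE LOAD",
})

MAX_LEN = 64  # assumption: longer than any allowlisted line
_SAFE_CHARS = frozenset(string.ascii_letters + string.digits + " ")


class RejectedCommand(ValueError):
    """Raised for any request that is not an allowlisted command line."""


def vet_cp_command(raw):
    """Return the canonical command line if allowlisted, else raise."""
    if not isinstance(raw, str) or not raw or len(raw) > MAX_LEN:
        raise RejectedCommand("empty, non-text or oversized input")
    # Check characters before normalising, so a newline or other separator
    # cannot be folded into ordinary whitespace by split() below.
    if not set(raw) <= _SAFE_CHARS:
        raise RejectedCommand("character outside [A-Za-z0-9 ]")
    canonical = " ".join(raw.upper().split())
    if canonical not in ALLOWED_CP_COMMANDS:
        raise RejectedCommand("not on the allowlist")
    return canonical


def vmcp_argv(raw):
    """Build an argv list for the vmcp tool; no shell is involved."""
    return ["vmcp", *vet_cp_command(raw).split(" ")]


def run_cp(raw, runner=subprocess.run):
    """Vet the request, then run vmcp with a timeout and captured output."""
    return runner(vmcp_argv(raw), capture_output=True, text=True,
                  timeout=10, check=False)
```

Anything with operands, such as the "STORE <addr> <data>" form mentioned above, is refused before vmcp is ever started, because only whole command lines are matched.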
