Re: [expert] Permissions don't stick
On Thu, 11 Sep 2003, Anne Wilson wrote: > On Thursday 11 Sep 2003 4:07 am, Bill Mullen wrote: > > > > The format of the file is explained in the comments at the top of the > > file itself, and further info is in the "console.perms" man page. I > > would think that to prevent the switch of the v4l device's ownership > > to that of the user, you would want to comment out this line near the > > bottom: > > > > 0600 0600 root.sys > > > > Your line may differ, as this is from my 9.0 system. Reboot, and > > hopefully then the device will stay owned by root, even after you log > > in as anne. > > Hi, Bill. Based on what you had said, I changed the line to > 0750 0750 root.video Better job would be to change both 0750's to 0660 (or 0666). This line controls permissions on the actual device nodes themselves (such as /dev/v4l/video0), and execute permissions have no purpose on a device node. But you're commenting it out anyway - just don't leave it like that, in case you want to turn it back on someday. I'd go with 0660. > When I rebooted I found that the group had been changed to video - > small progress - but the owner was still anne. Perhaps I should > have done more exactly what you said, and commented the line out. > I'm going to try that. If it then allows me to make the change, > should I then uncomment it again? No. By commenting out the line, you are preventing the change to anne at each login; if you then uncomment it, that behavior will recur. Leave it commented, reboot, change the perms to what you want them to be and they should thereafter remain as you have set them. -- Bill Mullen [EMAIL PROTECTED] MA, USA RLU #270075 MDK 8.1 & 9.0 "An opinion is like a branding iron. It is one thing to hold it, and another to press it into the skin of a friend." - James Lileks Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Permissions don't stick
On Thursday 11 Sep 2003 10:16 am, Anne Wilson wrote: > On Thursday 11 Sep 2003 9:18 am, KevinO wrote: > > Anne Wilson wrote: > > > This file doesn't exist in mine. Did you have to create it? > > > If not, that implies that something is missing in the way mine > > > is set up. > > > > It is not there by default. You create it if you want to override > > msec's behavior in some way. > > Well, I did that, rebooted, and it made no difference. This is > crazy. Imust be missing something. > > Anne It seems that msec does in fact change the ownership to root, every hour - which is what I need. However, the permissions that it sets (640)are wrong for this app (660), and also the changes msec made are lost if I log out. What could possibly be overwriting them? Anne -- Registered Linux User No.293302 Have you visited http://twiki.mdklinuxfaq.org yet? Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Permissions don't stick
On Thursday 11 Sep 2003 9:18 am, KevinO wrote: > Anne Wilson wrote: > > This file doesn't exist in mine. Did you have to create it? If > > not, that implies that something is missing in the way mine is > > set up. > > It is not there by default. You create it if you want to override > msec's behavior in some way. Well, I did that, rebooted, and it made no difference. This is crazy. Imust be missing something. Anne -- Registered Linux User No.293302 Have you visited http://twiki.mdklinuxfaq.org yet? Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Permissions don't stick
On Thursday 11 Sep 2003 9:18 am, KevinO wrote: > Anne Wilson wrote: > > This file doesn't exist in mine. Did you have to create it? If > > not, that implies that something is missing in the way mine is > > set up. > > It is not there by default. You create it if you want to override > msec's behavior in some way. Thanks, Kevin. I'll do that. BTW, I did look at your web site - no difficulty in reading it now Anne -- Registered Linux User No.293302 Have you visited http://twiki.mdklinuxfaq.org yet? Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Permissions don't stick
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Anne Wilson wrote: > This file doesn't exist in mine. Did you have to create it? If not, > that implies that something is missing in the way mine is set up. It is not there by default. You create it if you want to override msec's behavior in some way. - -- KevinO "If truth is beauty, how come no one has their hair done in the library?" - -- Lily Tomlin -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/YC/KWOfRC7Rnmv8RAu2FAJ9Mqle4SlsjyKBVgxAesJ8DHsGurQCdFHVw HxKFY1D5+Dkr9/7R7IVKh78= =63A5 -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Permissions don't stick
On Wednesday 10 Sep 2003 10:05 pm, HaywireMac wrote: > On Wed, 10 Sep 2003 21:33:01 +0100 > > Anne Wilson <[EMAIL PROTECTED]> uttered: > > But msec originally allowed me to change it to owner anne. Why > > would it not let me put it back to root? I have tried as user, > > but it wasn't allowed - fair enough. As root the change was > > accepted - until I logged out and in again. Then anne owned it > > again. > > You can override msec in /etc/security/msec/perm.local, and all > will be well. > This file doesn't exist in mine. Did you have to create it? If not, that implies that something is missing in the way mine is set up. > As an example, I have this in mine: > > /home/mp3/ root.users 777 > > Interesting question, tho. I guess it just likes Anne better than > Root, I know I do. ;-) Not enough to do as it's told, though Anne -- Registered Linux User No.293302 Have you visited http://twiki.mdklinuxfaq.org yet? Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Permissions don't stick
On Thursday 11 Sep 2003 4:07 am, Bill Mullen wrote: > Two comments: > > 1) The problem most people have with msec and permissions isn't > that it somehow doesn't "allow" them to make a change, but that > when the msec cron job runs later, it detects whatever change was > made (by comparing current permissions on the files/dirs that come > under its purview to the values it expects to find), and "corrects" > any differences it uncovers; this is why those changes don't appear > to "stick". But that isn't what's going on in this case, anyway, > AFAICT. > > 2) What govern the permissions changes at login for such devices > are the relevant entries within the /etc/security/console.perms > file. This file controls the temporary resetting of ownership and > permissions on various devices to the UID of the logged-in user, > and also the settings they will revert to when that user logs out. > > The format of the file is explained in the comments at the top of > the file itself, and further info is in the "console.perms" man > page. I would think that to prevent the switch of the v4l device's > ownership to that of the user, you would want to comment out this > line near the bottom: > > 0600 0600 root.sys > > Your line may differ, as this is from my 9.0 system. Reboot, and > hopefully then the device will stay owned by root, even after you > log in as anne. > > HTH! Hi, Bill. Based on what you had said, I changed the line to 0750 0750 root.video When I rebooted I found that the group had been changed to video - small progress - but the owner was still anne. Perhaps I should have done more exactly what you said, and commented the line out. I'm going to try that. If it then allows me to make the change, should I then uncomment it again? Anne -- Registered Linux User No.293302 Have you visited http://twiki.mdklinuxfaq.org yet? Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Permissions don't stick
On Wed, 10 Sep 2003 21:33:01 +0100 Anne Wilson <[EMAIL PROTECTED]> uttered: > > But msec originally allowed me to change it to owner anne. Why would > it not let me put it back to root? I have tried as user, but it > wasn't allowed - fair enough. As root the change was accepted - > until I logged out and in again. Then anne owned it again. You can override msec in /etc/security/msec/perm.local, and all will be well. As an example, I have this in mine: /home/mp3/ root.users 777 Interesting question, tho. I guess it just likes Anne better than Root, I know I do. ;-) -- HaywireMac Registered Linux user #282046 Homepage: www.orderinchaos.org ++ Mandrake HowTo's & More: http://twiki.mdklinuxfaq.org ++ "The chain which can be yanked is not the eternal chain." -- G. Fitch Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Permissions don't stick
On Wed, 10 Sep 2003, Anne Wilson wrote: > On Wednesday 10 Sep 2003 9:25 pm, HaywireMac wrote: > > On Wed, 10 Sep 2003 21:10:44 +0100 Anne Wilson > > <[EMAIL PROTECTED]> uttered: > > > I need to change permissions of /dev/v4l. As su I can chown, chgrp > > > and chmod, the ls shows the new values. If I log out and in again > > > they are back to what they were before. Why? It can't be security, > > > because I'm changing the owner to root. > > > > msec. > > > > it doesn't *like* you to mess with file perms outside of your home > > dir, mostly. > > > > http://www.mandrakeuser.org/docs/secure/smsec.html > > But msec originally allowed me to change it to owner anne. Why would it > not let me put it back to root? I have tried as user, but it wasn't > allowed - fair enough. As root the change was accepted - until I logged > out and in again. Then anne owned it again. Two comments: 1) The problem most people have with msec and permissions isn't that it somehow doesn't "allow" them to make a change, but that when the msec cron job runs later, it detects whatever change was made (by comparing current permissions on the files/dirs that come under its purview to the values it expects to find), and "corrects" any differences it uncovers; this is why those changes don't appear to "stick". But that isn't what's going on in this case, anyway, AFAICT. 2) What govern the permissions changes at login for such devices are the relevant entries within the /etc/security/console.perms file. This file controls the temporary resetting of ownership and permissions on various devices to the UID of the logged-in user, and also the settings they will revert to when that user logs out. The format of the file is explained in the comments at the top of the file itself, and further info is in the "console.perms" man page. I would think that to prevent the switch of the v4l device's ownership to that of the user, you would want to comment out this line near the bottom: 0600 0600 root.sys Your line may differ, as this is from my 9.0 system. Reboot, and hopefully then the device will stay owned by root, even after you log in as anne. HTH! -- Bill Mullen [EMAIL PROTECTED] MA, USA RLU #270075 MDK 8.1 & 9.0 "An opinion is like a branding iron. It is one thing to hold it, and another to press it into the skin of a friend." - James Lileks Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Permissions don't stick
On Wed, 2003-09-10 at 13:33, Anne Wilson wrote: > On Wednesday 10 Sep 2003 9:25 pm, HaywireMac wrote: > > On Wed, 10 Sep 2003 21:10:44 +0100 > > > > Anne Wilson <[EMAIL PROTECTED]> uttered: > > > I need to change permissions of /dev/v4l. As su I can chown, > > > chgrp and chmod, the ls shows the new values. If I log out and > > > in again they are back to what they were before. Why? It can't > > > be security, because I'm changing the owner to root. > > > > msec. > > > > it doesn't *like* you to mess with file perms outside of your home > > dir, mostly. > > > > http://www.mandrakeuser.org/docs/secure/smsec.html > > But msec originally allowed me to change it to owner anne. Why would > it not let me put it back to root? I have tried as user, but it > wasn't allowed - fair enough. As root the change was accepted - > until I logged out and in again. Then anne owned it again. > > Anne Reason number 43 of why I just "love" msec *grin*. but it could very well be the problem. It's "helping" you. James Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Permissions don't stick
On Wednesday 10 Sep 2003 9:25 pm, HaywireMac wrote: > On Wed, 10 Sep 2003 21:10:44 +0100 > > Anne Wilson <[EMAIL PROTECTED]> uttered: > > I need to change permissions of /dev/v4l. As su I can chown, > > chgrp and chmod, the ls shows the new values. If I log out and > > in again they are back to what they were before. Why? It can't > > be security, because I'm changing the owner to root. > > msec. > > it doesn't *like* you to mess with file perms outside of your home > dir, mostly. > > http://www.mandrakeuser.org/docs/secure/smsec.html But msec originally allowed me to change it to owner anne. Why would it not let me put it back to root? I have tried as user, but it wasn't allowed - fair enough. As root the change was accepted - until I logged out and in again. Then anne owned it again. Anne -- Registered Linux User No.293302 Have you visited http://twiki.mdklinuxfaq.org yet? Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Permissions don't stick
On Wed, 10 Sep 2003 21:10:44 +0100 Anne Wilson <[EMAIL PROTECTED]> uttered: > I need to change permissions of /dev/v4l. As su I can chown, chgrp > and chmod, the ls shows the new values. If I log out and in again > they are back to what they were before. Why? It can't be security, > because I'm changing the owner to root. msec. it doesn't *like* you to mess with file perms outside of your home dir, mostly. http://www.mandrakeuser.org/docs/secure/smsec.html -- HaywireMac Registered Linux user #282046 Homepage: www.orderinchaos.org ++ Mandrake HowTo's & More: http://twiki.mdklinuxfaq.org ++ In the long run we are all dead. -- John Maynard Keynes Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
