What changes my device permissions

Hello,

I have been using pam_devperm for a long time. If pam_devperm is
configured like I did, it causes that, when a user logs in on :0, the
permissions and ownerships of some device nodes in /dev are changed so
that the device file belongs to the user on :0 and has permissions
600. Now, I upgraded to a new OS version and found, that after logging
in on :0, some of the device file have permissions 660, not 600. It
seems that, after pam_devperm has changed the permissions to 600, some
other process resets them to 660.

How can I find out what is changing the device permissions?

Regards
Christoph
--
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: What changes my device permissions

--=-=-=
Content-Transfer-Encoding: quoted-printable

Christoph Pleger writes:

> Hello,
>
> I have been using pam_devperm for a long time. If pam_devperm is
> configured like I did, it causes that, when a user logs in on :0, the
> permissions and ownerships of some device nodes in /dev are changed so
> that the device file belongs to the user on :0 and has permissions
> 600. Now, I upgraded to a new OS version and found, that after logging
> in on :0, some of the device file have permissions 660, not 600. It
> seems that, after pam_devperm has changed the permissions to 600, some
> other process resets them to 660.
>
> How can I find out what is changing the device permissions?

There's the hard way: use process accounting.

There's also easier way which *might* work: provide a shell wrapper for
chmod, like so:

$ : >/tmp/chmod-log && chmod 666 /tmp/chmod-log
$ cd /usr/bin
$ mv chmod chmod-
$ cat >chmod < #!/bin/sh
echo "$@" >>/tmp/log
/usr/bin/chmod- "$@"
EOD

=2D-=20
Best regards, _ _
.o. | Liege of Serenly Enlightened Majesty of o' \,=3D./ `o
..o | Computer Science, Michal "mina86" Nazarewicz (o o)
ooo +------ooO--(_)--Ooo--

--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAkwOLo0ACgkQUyzLALfG3x5YVQCgppQzJomgCNOaakA4Qhh4 MbXu
/DUAoI6nnBpag35IDfRknz2qNTog/Dt8
=CTDf
-----END PGP SIGNATURE-----
--=-=-=--
--
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: What changes my device permissions

Hello,

On Tue, 08 Jun 2010 13:50:30 +0200
Michal Nazarewicz wrote:

> There's the hard way: use process accounting.
>
> There's also easier way which *might* work: provide a shell wrapper
> for chmod, like so:

Unfortunately, these solutions did not help.

In the meanwhile, I found out that my original problem (wrong
permissions of devices, for example /dev/sr0) can be solved in two ways:

1. Deinstall consolekit
2. Use another display manager than gdm

But I am looking for a solution that works with every display manager,
and I need consolekit to solve other problems.

Regards
Christoph
--
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html