On Wed, 10 Sep 2003, Anne Wilson wrote: > On Wednesday 10 Sep 2003 9:25 pm, HaywireMac wrote: > > On Wed, 10 Sep 2003 21:10:44 +0100 Anne Wilson > > <[EMAIL PROTECTED]> uttered: > > > I need to change permissions of /dev/v4l. As su I can chown, chgrp > > > and chmod, the ls shows the new values. If I log out and in again > > > they are back to what they were before. Why? It can't be security, > > > because I'm changing the owner to root. > > > > msec. > > > > it doesn't *like* you to mess with file perms outside of your home > > dir, mostly. > > > > http://www.mandrakeuser.org/docs/secure/smsec.html > > But msec originally allowed me to change it to owner anne. Why would it > not let me put it back to root? I have tried as user, but it wasn't > allowed - fair enough. As root the change was accepted - until I logged > out and in again. Then anne owned it again.
Two comments: 1) The problem most people have with msec and permissions isn't that it somehow doesn't "allow" them to make a change, but that when the msec cron job runs later, it detects whatever change was made (by comparing current permissions on the files/dirs that come under its purview to the values it expects to find), and "corrects" any differences it uncovers; this is why those changes don't appear to "stick". But that isn't what's going on in this case, anyway, AFAICT. 2) What govern the permissions changes at login for such devices are the relevant entries within the /etc/security/console.perms file. This file controls the temporary resetting of ownership and permissions on various devices to the UID of the logged-in user, and also the settings they will revert to when that user logs out. The format of the file is explained in the comments at the top of the file itself, and further info is in the "console.perms" man page. I would think that to prevent the switch of the v4l device's ownership to that of the user, you would want to comment out this line near the bottom: <console> 0600 <v4l> 0600 root.sys Your line may differ, as this is from my 9.0 system. Reboot, and hopefully then the device will stay owned by root, even after you log in as anne. HTH! -- Bill Mullen [EMAIL PROTECTED] MA, USA RLU #270075 MDK 8.1 & 9.0 "An opinion is like a branding iron. It is one thing to hold it, and another to press it into the skin of a friend." - James Lileks
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
