kinzler@iuvax.cs.indiana.edu (Steve Kinzler) (05/28/91)
In an attempt to improve security on our Alliant FX/8 running Concentrix 5.0.0, I wanted to make /dev/kmem and /dev/mem not world-readable. So I made a group kmem (gid 6), found the system programs that need to read /dev/*mem, made them all setgid kmem, and made /dev/*mem owned by group kmem. But, when I "chmod o-r /dev/*mem", I find that ordinary users can't run these system programs (such as /bin/ps, /bin/mon, etc). They get "Permission denied". Am I missing something fundamental here, or is this a quirk of Concentrix? I've done this on other varients of Unix with success. Thanks for any help, Steve Kinzler Sys Admin IU Comp Sci