dhuber@aut.autelca.ascom.ch (Daniel Huber) (12/02/90)
I'm not a unix "specialist" at the moment (probably in future..hi guys)
:-)

Ok. Here is my question:

Whenever somebody logs in on the system console he owns the device
/dev/console.
He can do everything with it. Even delete it. In this case the sysadm
has a lot of work if the machine goes down before the file /dev/console
is existent again. Reloading a tape with a miniUNIX etc...
Is there a way to prevent deleting (I assume accidentally) the
/dev/console file?

Daniel
--
Daniel Huber AD-KT2.6    VOICE: +41 31 52 96 64
Ascom Autelca AG         FAX:   +41 31 52 53 01
CH-3073 Guemligen        EMAIL: dhuber@autelca.ascom.ch
Switzerland              UUCP:  uunet!chx400!hslrswi!aut!dhuber

tchrist@convex.COM (Tom Christiansen) (12/03/90)
In article <1174@aut.autelca.ascom.ch> dhuber@aut.autelca.ascom.ch (Daniel Huber) writes:
>I'm not a unix "specialist" at the moment (probably in future..hi guys)
>:-)
>
>Ok. Here is my question:
>
>Whenever somebody logs in on the system console he owns the device
>/dev/console.
>He can do everything with it. Even delete it.

Only circumstantially. Ownership of a file has nothing to do with
deleting it in UNIX. Check out the permissions on /dev. Make them mode
0755, owner root.bin, or whatever group makes sense on your system. Of
course, if they're the superuser, it can still happen.

--tom

sef@kithrup.COM (Sean Eric Fagan) (12/03/90)
In article <1174@aut.autelca.ascom.ch> dhuber@aut.autelca.ascom.ch (Daniel Huber) writes:
>Whenever somebody logs in on the system console he owns the device
>/dev/console.
>Even delete it.

The only way a user can delete (unlink) a file is if (s)he has write access
to the directory in which the file resides. Just because /dev/console is
owned by a user, this alone does not mean said user can delete the file.
Check the permissions on /dev.

--
Sean Eric Fagan  | "I made the universe, but please don't blame me for it;
sef@kithrup.COM  |  I had a bellyache at the time."
-----------------+           -- The Turtle (Stephen King, _It_)
Any opinions expressed are my own, and generally unpopular with others.

martin@mwtech.UUCP (Martin Weitzel) (12/03/90)
In article <1174@aut.autelca.ascom.ch> dhuber@aut.autelca.ascom.ch (Daniel Huber) writes:
>Whenever somebody logs in on the system console he owns the device
>/dev/console.
>He can do everything with it. Even delete it.

Not true (at least on every flavour of UNIX I know, which includes
V7 + SYS-III derived XENIX and several SYS-V derived systems).

To delete a file you need *not* to be owner of this file but you need
write access to the directory which holds the entry. So, if the user
owns /dev/console, he still can not delete it; if deleting /dev/console
is possible on your system, check the permissions of the /dev-directory.
There should be *no* write access for regular users.

--
Martin Weitzel, email: martin@mwtech.UUCP, voice: 49-(0)6151-6 56 83

darcy@druid.uucp (D'Arcy J.M. Cain) (12/03/90)
In article <1174@aut.autelca.ascom.ch> Daniel Huber writes:
>Whenever somebody logs in on the system console he owns the device
>/dev/console.
>He can do everything with it. Even delete it. In this case the sysadm
>has a lot of work if the machine goes down before the file /dev/console
>is existent again. Reloading a tape with a miniUNIX etc...
>Is there a way to prevent deleting (I assume accidentally) the
>/dev/console file?

I don't know how you can protect it but if it is a problem why not add
something to your rc scripts that checks for the device and creates it
if it is missing. That way you can get it back simply by re-booting.

--
D'Arcy J.M. Cain (darcy@druid) |
D'Arcy Cain Consulting         | I support gun control.
West Hill, Ontario, Canada     | Let's start with the government!
+ 416 281 6094                 |

gwyn@smoke.brl.mil (Doug Gwyn) (12/03/90)
In article <1174@aut.autelca.ascom.ch> dhuber@aut.autelca.ascom.ch (Daniel Huber) writes:
>Whenever somebody logs in on the system console he owns the device
>/dev/console. He can do everything with it. Even delete it.

He shouldn't be able to unlink it if he doesn't have write permission
on /dev.

chris@vision.UUCP (Chris Davies) (12/04/90)
In article <1174@aut.autelca.ascom.ch> dhuber@aut.autelca.ascom.ch (Daniel Huber) writes:
>Whenever somebody logs in on the system console he owns the device
>/dev/console.
>He can do everything with it. Even delete it. [...]

No, they shouldn't be able to delete it. You should check the permissions
of the directory /dev (SysV command is 'ls -ld /dev'); they should be
something like rwxr-xr-x with owner bin, root, or sys.

In general if a user doesn't have write access to a directory then they
cannot delete any files from it.

Chris
--
VISIONWARE LTD         | UK: chris@vision.uucp  JANET: chris%vision.uucp@ukc
57 Cardigan Lane       | US: chris@vware.mn.org BANGNET: ...!ukc!vision!chris
LEEDS LS4 2LE, England | VOICE: +44 532 788858  FAX: +44 532 304676
-------------- "VisionWare: The home of DOS/UNIX/X integration" -------------

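Added example (not part of any post in this thread): a shell function that reads the mode string `ls -ld` prints, the check recommended in the replies above, and reports who besides the owner can create or unlink entries in a directory. The function name and result strings are invented here, and the sticky-bit case goes beyond what the thread discusses.

```sh
#!/bin/sh
# Added example, not from the thread. dir_write_exposure and its result
# strings are hypothetical names chosen for this illustration.

# Print who, apart from the owner, may create or unlink entries in DIR.
dir_write_exposure() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not-a-directory"
        return 0
    fi
    # First field of `ls -ld`, e.g. drwxr-xr-x (an ACL marker may follow).
    mode=$(ls -ld -- "$dir" | awk '{print $1}')
    group_w=$(printf '%s' "$mode" | cut -c6)    # group write bit
    other_w=$(printf '%s' "$mode" | cut -c9)    # other write bit
    sticky=$(printf '%s' "$mode" | cut -c10)    # t or T when sticky
    if [ "$other_w" = "w" ]; then
        case $sticky in
            # Sticky: a user may still unlink entries they own, so a
            # console device owned by the logged-in user stays removable.
            t|T) echo "world-writable-sticky" ;;
            *)   echo "world-writable" ;;
        esac
    elif [ "$group_w" = "w" ]; then
        echo "group-writable"
    else
        echo "owner-only"
    fi
}

# The check the replies recommend: /dev should report owner-only.
dir_write_exposure /dev
```
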
mark@loki.une.oz (Mark Garrett) (12/05/90)
From article <1990Dec3.141053.6815@druid.uucp>, by darcy@druid.uucp (D'Arcy J.M. Cain):
> In article <1174@aut.autelca.ascom.ch> Daniel Huber writes:
>>Whenever somebody logs in on the system console he owns the device
>>/dev/console.
>>He can do everything with it. Even delete it. In this case the sysadm
>>has a lot of work if the machine goes down before the file /dev/console
>>is existent again. Reloading a tape with a miniUNIX etc...
>>Is there a way to prevent deleting (I assume accidentally) the
>>/dev/console file?

On all the versions of unix that I've used you require write permission to a
directory to remove a file from it. Remember it's the file dev on device /
that you must update to remove a file !
If you can remove this file just because you own it then you had better look
at the owner and file protection on dev ! NOW !!!!
And get these somebody(s) away from your console !!!!!!

--
Mark Garrett               Internet: mark@loki.une.oz.au
University of NewEngland   ACSnet:   mark@loki.une.oz
Northern Rivers            VAX/VMS PSI: psi%0505266222011::mark
Lismore NSW Australia      Phone:    +61 (066) 230859

peter@secyt.edu.ar (Pedro Victor Pintus) (12/07/90)
In article <109706@convex.convex.com> tchrist@convex.COM (Tom Christiansen) writes:
>In article <1174@aut.autelca.ascom.ch> dhuber@aut.autelca.ascom.ch (Daniel Huber) writes:
>>I'm not a unix "specialist" at the moment (probably in future..hi guys)
>>:-)
>>
>>Ok. Here is my question:
>>
>>Whenever somebody logs in on the system console he owns the device
>>/dev/console.
>>He can do everything with it. Even delete it.
>
>Only circumstantially. Ownership of a file has nothing to do with
>deleting it in UNIX. Check out the permissions on /dev. Make them mode
>0755, owner root.bin, or whatever group makes sense on your system. Of
>course, if they're the superuser, it can still happen.
>
>--tom

BTW, if the user is logged in on /dev/console, the system is (very probably)
in single user (maintenance) mode, which implies:

a) that user _is_ the system admin or
b) the sysadm is so foolish as to leave the system open to people in
   single user mode (aka System maintenance mode).

In any case it is _their_ fault if he later has his head screwed on with the
big trouble of re-installing the console device in order to be able to
boot the system.

Cheers, Peter.
--
+-----------------------------------------------+
| Pedro Victor Pintus                           |
| Secretaria de Ciencia y Tecnologia            |
| Buenos Aires, Rep. Argentina                  |
| Internet: peter@secyt.ar                      |
| UUCP : ...!uunet!banyc!atina!secyt!peter      |
+-----------------------------------------------+

ralfi@pemstgt.PEM-Stuttgart.de (Ralf Holighaus) (12/08/90)
dhuber@aut.autelca.ascom.ch (Daniel Huber) writes:

>I'm not a unix "specialist" at the moment (probably in future..hi guys)
>:-)

>Ok. Here is my question:

>Whenever somebody logs in on the system console he owns the device
>/dev/console.
>He can do everything with it. Even delete it. In this case the sysadm
>has a lot of work if the machine goes down before the file /dev/console
>is existent again. Reloading a tape with a miniUNIX etc...
>Is there a way to prevent deleting (I assume accidentally) the
>/dev/console file?

>Daniel

Make a link to one or more other /dev entries (I suppose that is already the
case; maybe /dev/console is linked to /dev/crt or something similar; check
either the inodes or major/minor numbers to see if it is already present).
For example, execute 'ln /dev/console /dev/systty'. If it then happens that
someone deletes /dev/console, you still have /dev/systty and can relink it
to /dev/console.

Rgds
Ralf
--
Programmentwicklung fuer Microcomputer    | Ralf U. Holighaus
PO-Box 810165 Vaihinger Strasse 49        | >> PEM Support <<
(W)7000 Stuttgart 80 Germany              | holighaus@pemstgt.PEM-Stuttgart.de
VOICE: x49-711-713045 FAX: x49-721-713047 | ..!unido!pemstgt!ralfi

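Added example (not code from any poster): one way to combine the two recovery ideas in this thread, an rc-time check that recreates a missing device name, using a spare hard link such as /dev/systty as the source. The function names and result strings are invented here, and the sketch assumes both names live on the same filesystem so that `ln` can make a hard link.

```sh
#!/bin/sh
# Added example, not from the thread. inode_of and ensure_node are
# hypothetical helper names chosen for this illustration.

# Print the inode number of PATH, or nothing if PATH does not exist.
inode_of() {
    ls -id -- "$1" 2>/dev/null | awk '{print $1}'
}

# ensure_node TARGET SPARE
# If TARGET is missing, relink it from SPARE. If it is present, report
# whether SPARE is really a second name for the same inode.
ensure_node() {
    target=$1
    spare=$2
    if [ -e "$target" ]; then
        if [ -e "$spare" ] &&
           [ "$(inode_of "$target")" = "$(inode_of "$spare")" ]; then
            echo "present-linked"
        else
            echo "present-unlinked"    # no usable spare name exists yet
        fi
        return 0
    fi
    if [ ! -e "$spare" ]; then
        echo "missing-no-spare"        # nothing to recover from
        return 0
    fi
    if ln "$spare" "$target"; then
        echo "restored"
    else
        echo "relink-failed"
    fi
    return 0
}

# In an rc script this would be called as (paths as named in the post):
#   ensure_node /dev/console /dev/systty
```
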
peter@secyt.edu.ar (Pedro Victor Pintus) (12/08/90)
In article <109706@convex.convex.com> tchrist@convex.COM (Tom Christiansen) writes:
>In article <1174@aut.autelca.ascom.ch> dhuber@aut.autelca.ascom.ch (Daniel Huber) writes:
>>I'm not a unix "specialist" at the moment (probably in future..hi guys)
>>:-)
>>
>>Ok. Here is my question:
>>
>>Whenever somebody logs in on the system console he owns the device
>>/dev/console.
>>He can do everything with it. Even delete it.
>
>Only circumstantially. Ownership of a file has nothing to do with
>deleting it in UNIX. Check out the permissions on /dev. Make them mode
>0755, owner root.bin, or whatever group makes sense on your system. Of
>course, if they're the superuser, it can still happen.
>
>--tom

BTW, if the user is logged in on /dev/console, the system is (very probably)
in single user (maintenance) mode, which implies:

a) that user _is_ the system admin or
b) the sysadm is so foolish as to leave the system open to people in
   single user mode (aka System maintenance mode).

In any case it is _his_ fault if he later has his head screwed on with the
big trouble of re-installing the console device in order to be able to
boot the system.

Cheers, Peter.
--
+-----------------------------------------------+
| Pedro Victor Pintus                           |
| Secretaria de Ciencia y Tecnologia            |
| Buenos Aires, Rep. Argentina                  |
| Internet: peter@secyt.ar                      |
| UUCP : ...!uunet!banyc!atina!secyt!peter      |
+-----------------------------------------------+