Date: Sun, 14 May 1995 22:57:47 +0100 From: Mark Valentine <mark@linus.demon.co.uk> To: current@FreeBSD.org Subject: MAKEDEV and device permissions Message-ID: <199505142157.WAA14963@linus.demon.co.uk>
next in thread | raw e-mail | index | archive | help
MAKEDEV seems to be a bit confused about how to set the permissions
on several devices (e.g. fd*). It temporarily uses a less restrictive
umask than the one it starts off with, but then chmods the devices
to be more restricted anyway. In the case of joy*, it doesn't set
the umask back. (Apart from this last bit, the problem is only one
of internal consistency.)
Suggested fix: (policy) decide which one is right. Make the chmod
calls agree, and remove the umask adjustments. (Personally, I prefer
devices such as floppy and tape to be operator-writeable, but rc.local
can handle non-default policy.) To be consistent, modify the parts
which rely only on the umask to use chmod instead. The enclosed
patch is one way to go about it.
I've also removed the umask calls around the invocation of
MAKEDEV.local, since the default MAKEDEV.local sets the umask
explicitly anyway. The worst case where "local" isn't the last
argument to MAKEDEV and MAKEDEV.local leaves an inappropriate
umask is pretty obscure, expecially if MAKEDEV no longer relies
on the umask.
The labpc* stuff could probably be a bit more explicit, since the
devices are group writeable, but the group is defaulted.
In the case of the audio devices, perhaps we need a hook into the
login process to enable at least these to be readable/writeable by
whoever logs in on the "console". (I've left them relying on umask
here.)
This patch is against:
# $Id: MAKEDEV,v 1.91 1995/05/07 23:04:03 ache Exp $
It also fixes a minor complaint when creating the matcd devices.
Mark.
--- /dev/MAKEDEV Tue May 9 23:08:39 1995
+++ /tmp/MAKEDEV Sun May 14 22:32:52 1995
@@ -198,7 +198,7 @@
# Create device files for new Archive/Wangtek QIC-02 tape driver (vak)
wt*)
- umask 7 ; u=`expr $i : '..\(.*\)'`
+ u=`expr $i : '..\(.*\)'`
if [ x$u = x ]; then u=0; fi
rm -f r[Ww]t$u nr[Ww]t$u r[Ww]t$u[a-f] nr[Ww]t$u[a-f]
mknod rwt${u} c 10 `expr 0 + $u` # default density, 512b blocks
@@ -216,11 +216,11 @@
# mknod rwt${u}f c 10 `expr 48 + $u` # 600 megabytes?
# mknod nrwt${u}f c 10 `expr 52 + $u`
chown root.operator r[Ww]t$u nr[Ww]t$u r[Ww]t$u[a-f] nr[Ww]t$u[a-f]
- umask 77
+ chmod 600 r[Ww]t$u nr[Ww]t$u r[Ww]t$u[a-f] nr[Ww]t$u[a-f]
;;
fd*)
- umask 2 ; unit=`expr $i : '..\(.*\)'`
+ unit=`expr $i : '..\(.*\)'`
name=fd; blk=2; chr=9;
rm -f $name$unit* r$name$unit*
case $unit in
@@ -300,12 +300,11 @@
echo bad unit for disk in: $i
;;
esac
- umask 77
;;
ft*)
- umask 2 ; unit=`expr $i : '..\(.*\)'`
+ unit=`expr $i : '..\(.*\)'`
name=ft; blk=2; chr=9;
rm -f $name$unit* r$name$unit*
case $unit in
@@ -321,12 +320,10 @@
echo bad unit for tape in: $i
;;
esac
- umask 77
;;
# Individual slices.
sd*s*|vn*s*|wd*s*)
- umask 37
case $i in
sd*s*) name=sd; blk=4; chr=13;;
wd*s*) name=wd; blk=0; chr=3;;
@@ -369,6 +366,7 @@
esac
chgrp operator $name$unit$slicename* \
r$name$unit$slicename*
+ chmod 640 $name$unit$slicename* r$name$unit$slicename
;;
*)
echo bad slice for disk in: $i
@@ -379,11 +377,9 @@
echo bad unit for disk in: $i "(unit=$unit, slice=$slice, part=$part)"
;;
esac
- umask 77
;;
sd*|vn*|wd*)
- umask 37
case $i in
sd*) name=sd; blk=4; chr=13;;
wd*) name=wd; blk=0; chr=3;;
@@ -408,13 +404,14 @@
echo bad unit for disk in: $i
;;
esac
- umask 77
;;
uk*)
unit=`expr $i : 'uk\(.*\)'`
rm -f uk$unit
mknod uk$unit c 31 $unit
+ chgrp operator uk$unit
+ chmod 640 uk$unit
;;
worm*)
@@ -426,6 +423,7 @@
name=worm
rm -f r${name}${unit}
mknod r${name}${unit} c $chr ${unit}
+ chmod 600 r${name}${unit}
rm -f r${name}${unit}.ctl
mknod r${name}${unit}.ctl c $chr `expr $unit + $scsictl `
chmod 600 r${name}${unit}.ctl
@@ -442,6 +440,7 @@
unit=`expr $unit + 1 - 1`
rm -f ${name}${unit}
mknod ${name}${unit} c $chr $unit
+ chmod 600 ${name}${unit}
rm -f ${name}${unit}.ctl
mknod ${name}${unit}.ctl c $chr `expr $unit + $scsictl `
chmod 600 ${name}${unit}.ctl
@@ -464,27 +463,27 @@
esac
case $class in
0|1|2|3|4|5|6|7)
- umask 0
eval `echo $offset $name | awk ' { b=$1; n=$2 } END { \
for (i = 0; i < 32; i++) {
c = substr("0123456789abcdefghijklmnopqrstuv", i + 1, 1); \
printf("rm -f tty%s%s pty%s%s; \
mknod tty%s%s c 5 %d; \
mknod pty%s%s c 6 %d; \
- chown root.wheel tty%s%s pty%s%s;", \
+ chown root.wheel tty%s%s pty%s%s; \
+ chmod 666 tty%s%s pty%s%s;", \
n, c, n, c, \
n, c, b+i, \
n, c, b+i, \
+ n, c, n, c, \
n, c, n, c); \
} \
}'`
- umask 77
;;
esac
;;
st*)
- umask 2 ; unit=`expr $i : '..\(.*\)'`
+ unit=`expr $i : '..\(.*\)'`
chr=14;
#remove old stype names
@@ -524,11 +523,10 @@
echo bad unit for tape in: $i
;;
esac
- umask 77
;;
ch*)
- umask 2 ; unit=`expr $i : '..\(.*\)'`
+ unit=`expr $i : '..\(.*\)'`
case $i in
ch*) name=ch; chr=17;;
esac
@@ -546,11 +544,9 @@
echo bad unit for media changer in: $i
;;
esac
- umask 77
;;
cd*|mcd*|scd*)
- umask 2 ;
case $i in
cd*) unit=`expr $i : '..\(.*\)'`; name=cd; blk=6; chr=15;;
mcd*) unit=`expr $i : '...\(.*\)'`; name=mcd; blk=7; chr=29;;
@@ -577,15 +573,14 @@
echo bad unit for disk in: $i
;;
esac
- umask 77
;;
matcd*)
- umask 2 ;
case $i in
matcd*) unit=`expr $i : '.....\(.*\)'`; name=matcd; blk=17; chr=46;;
esac
rm -f $name$unit? r$name$unit?
+ rm -f $name${unit}l? r$name${unit}l?
case $unit in
0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15)
mknod ${name}${unit}a b $blk `expr $unit '*' 8 + 0`
@@ -606,7 +601,6 @@
echo bad unit for disk in: $i
;;
esac
- umask 77
;;
lpt*)
@@ -617,6 +611,8 @@
mknod lpctl$unit c 16 `expr $unit + 128`
chown root.wheel lpt$unit
chown root.wheel lpctl$unit
+ chmod 600 lpt$unit
+ chmod 600 lpctl$unit
;;
tw*)
@@ -624,6 +620,7 @@
rm -f tw$unit
mknod tw$unit c 19 $unit
chown root.operator tw$unit
+ chmod 600 tw$unit
;;
# Use this to create virtual consoles for syscons, pcvt or codrv
@@ -635,8 +632,9 @@
eval `echo ${chr} ${units} | awk ' { c=$1; n=$2 } END {
for (i = 0; i < n; i++)
printf("rm -f ttyv%01x; mknod ttyv%01x c %d %d; \
- chown root.wheel ttyv%01x;", \
- i, i, c, i, i); }'`
+ chown root.wheel ttyv%01x; \
+ chmod 600 ttyv%01x;", \
+ i, i, c, i, i, i, i); }'`
ln -fs ttyv0 vga # XXX X still needs this pccons relic
;;
@@ -645,16 +643,17 @@
rm -f bpf$unit
mknod bpf$unit c 23 $unit
chown root.wheel bpf$unit
+ chmod 600 bpf$unit
;;
speaker)
rm -f speaker
mknod speaker c 26 0
chown root.wheel speaker
+ chmod 600 speaker
;;
cuaa?|cua?)
- umask 7
unit=`expr $i : 'cua.*\(.\)$'`
rm -f cua*a$unit
m=`ttyminor $unit`
@@ -662,7 +661,7 @@
mknod cuaia$unit c 28 `expr $m + 32 + 128`
mknod cuala$unit c 28 `expr $m + 64 + 128`
chown uucp.dialer cua*a$unit
- umask 77
+ chmod 660 cua*a$unit
;;
tty0?|ttyd?|tty?)
@@ -673,10 +672,10 @@
mknod ttyid$unit c 28 `expr $m + 32`
mknod ttyld$unit c 28 `expr $m + 64`
chown root.wheel tty*d$unit
+ chmod 600 tty*d$unit
;;
cuac?)
- umask 7
unit=`expr $i : 'cua.*\(.\)$'`
rm -f cua*c$unit
m=`ttyminor $unit`
@@ -684,7 +683,7 @@
mknod cuaic$unit c 48 `expr $m + 32 + 128`
mknod cualc$unit c 48 `expr $m + 64 + 128`
chown uucp.dialer cua*c$unit
- umask 77
+ chmod 660 cua*c$unit
;;
ttyc?)
@@ -695,18 +694,18 @@
mknod ttyic$unit c 48 `expr $m + 32`
mknod ttylc$unit c 48 `expr $m + 64`
chown root.wheel tty*c$unit
+ chmod 600 tty*c$unit
;;
# RISCom8 'rc' driver entries
cuam?)
- umask 7
unit=`expr $i : 'cua.*\(.\)$'`
rm -f cuam$unit
m=`ttyminor $unit`
mknod cuam$unit c 63 `expr $m + 128`
chown uucp.dialer cuam$unit
- umask 77
+ chmod 660 cuam$unit
;;
ttym?)
@@ -715,6 +714,7 @@
m=`ttyminor $unit`
mknod ttym$unit c 63 $m
chown root.wheel ttym$unit
+ chmod 600 ttym$unit
;;
mse*)
@@ -723,6 +723,7 @@
rm -f mse$unit
mknod mse$unit c $chr `expr $unit '*' 2 + 1` # non-blocking for X11
chown root.wheel mse$unit
+ chmod 600 mse$unit
;;
psm*)
@@ -731,6 +732,7 @@
rm -f psm$unit
mknod psm$unit c $chr `expr $unit '*' 2 + 1` # non-blocking for X11
chown root.wheel psm$unit
+ chmod 600 psm$unit
;;
mouse*)
@@ -747,6 +749,7 @@
mknod pcaudio c 24 0
mknod pcaudioctl c 24 128
chown root.wheel pcaudio pcaudioctl
+ chmod 600 pcaudio pcaudioctl
;;
socksys)
@@ -837,16 +840,17 @@
rm -f $i
mknod $i c 42 $unit
chown uucp.wheel $i
+ chmod 600 $i
;;
cronyx)
rm -f cronyx
mknod cronyx c 42 63
chown root.wheel cronyx
+ chmod 600 cronyx
;;
joy)
- umask 2
rm -f joy0 joy1
mknod joy0 c 51 0
mknod joy1 c 51 1
@@ -865,6 +869,7 @@
rm -f tun$unit
mknod tun$unit c 52 $unit
chown uucp.dialer tun$unit
+ chmod 600 tun$unit
;;
snp?)
@@ -937,7 +942,6 @@
# labpcdio: Digital in and Digital out.
#
labpc*)
- umask 7
case $i in
labpcaio*)
name=labpcaio
@@ -963,25 +967,24 @@
0|1|2|3|4|5|6|7)
rm -f $name$unit
mknod $name$unit c 66 `expr $offset + $unit `
+ chmod 660 $name$unit
;;
all)
for i in $all
do
rm -f $name$i
mknod $name$i c 66 `expr $offset + $i `
+ chmod 660 $name$i
done
;;
*)
echo "No such LabPC unit: $unit"
;;
esac
- umask 77
;;
local)
- umask 0 # XXX should be elsewhere
sh MAKEDEV.local
- umask 77
;;
*)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199505142157.WAA14963>