Date: Fri, 12 Jan 1996 00:26:21 GMT From: James Raynard <fqueries@parody.tecc.co.uk> To: michles@haven.ios.com Cc: freebsd-questions@freebsd.org Subject: Re: Problems with top. Message-ID: <199601120026.AAA01515@parody.tecc.co.uk> In-Reply-To: <Pine.BSD.3.91.960107210830.11412A-100000@haven.ios.com> (message from Emil Mikhles on Sun, 7 Jan 1996 21:09:36 -0500 (EST))
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> Emil Mikhles <michles@haven.ios.com> writes: >> >> For some reason, just now, when I execute top, when I am not root I get >> thiserror message "kvm_open: /dev/mem: Permission denied", any ideas on >> how to solve this problem? kvm_open is a function that top calls to allow to look at various kernel data structures. It does this by opening /dev/mem, which is only readable by user root and group kmem:- bash# ls -l /dev/mem crw-r----- 1 root kmem 2, 0 Nov 18 21:06 /dev/mem There are several ways around this:- 1) Make top setuid root, so it has root user privileges regardless of who is running it. Setuid root programs should be avoided if at all possible, as there are too many risks if the program is compromised in some way (even if only by a programming error). 2) Make top setgid kmem, so that it has kmem group privileges regardless of who is running it. This is much better than 1), as the scope for doing damage is considerably reduced. In fact, if you compile top yourself, the makefile will install it setgid kmem:- bash# ls -l /usr/local/bin/top -rwxr-sr-x 1 root kmem 42957 Nov 19 12:32 /usr/local/bin/top To get your copy like this, do (as root):- bash# chown root.kmem /usr/local/bin/top bash# chmod g+s /usr/local/bin/top 3) If you only want a select number of people to run it and not anyone else, you can add them to the kmem group by editing the kmem line in /etc/group:- kmem:*:2:root,fred,joe James
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199601120026.AAA01515>