
Re: group video?



On Tue, Aug 17, 1999 at 04:26:55PM +0100, Kenneth MacDonald wrote:
> >>>>> "Lee" == Lee Bradshaw <lee@sectionIV.com> writes:
>     Lee> If I change the permissions on all the sg devices to group
>     Lee> rw, I can run cdparanoia as a normal user in group cdrom. But
>     Lee> I don't want to have all the scsi generic devices writeable
>     Lee> by everyone in group cdrom.  And setting just the correct
>     Lee> scsi devices to be writeable is dangerous, because modifying
>     Lee> the devices on the scsi bus may cause the generic devices to
>     Lee> point to different physical devices. That is, if I make the
>     Lee> scsi generic device for the cdrom writeable, it may be the
>     Lee> scsi generic device for a hard drive after some hardware
>     Lee> modifications.
> 
> Yes, I thought this too.  And yes, it does concern me, especially as I
> plug in external SCSI devices from time to time.  The safest thing
> would be to have a script run at system boot that sets the permissions
> on the appropriate sg files depending on the contents of
> /proc/scsi/blah-blah-blah.  In the meantime, I'll be trying to make
> sure I have all my internal devices on low SCSI ids and leave the high
> ones for external devices.

Here's a script that seems to work on one system. Please let me know if
there are security holes or cases that aren't covered. Feel free to hack
on this if you think it would be useful to include a modified version of
the script in the distribution.

I don't plug in devices with the system running, but you might be able
to shut down a scsi bus, add a device, and then bring it back up. I was
planning to have root run this script at powerup, but you may need to
run it during hot-plug operations as well (if they are even possible).

I just noticed that "./MAKEDEV sg" created sg0 through sg16. 0-16 seemed
unusual since it is so close to 0-15 (fully using 4 bits). I'm not sure
if I have one extra device or if I could just keep creating as many as
needed.

#!/usr/bin/perl
# put generic scsi devices back to default permissions
# then make the generic devices corresponding to cdrom drives
# read/write by root and group cdrom
# Lee Bradshaw
# lee@sectionIV.com
# 18 Aug 99

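# get group info for cdrom
($name, $passwd, $gid, $members) = getgrnam("cdrom");
# without this check a missing group would leave $gid undefined
defined($gid) ||
  die "No cdrom group found";

# reset the sg devices to default permissions
chdir ("/dev") ||
  die "Can't change directory to /dev: $!";
system("./MAKEDEV sg") == 0 ||
  die "./MAKEDEV sg failed";

# scsi system info file
open (SCSIINFO, "/proc/scsi/scsi") ||
  die "Can't read /proc/scsi/scsi: $!";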

# start at -1, first Host: will make deviceNum=0
$deviceNum = -1;
while(<SCSIINFO>) {
  # increment scsi generic number for each device
  if (m/^Host:/) { $deviceNum++ };
  # if it's a cdrom, make it read/write by group cdrom
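  if (m/^\s*Type:\s*CD-ROM/) {
    #printf "device sg$deviceNum\n";
    # warn rather than die so the remaining drives are still processed
    chown (0, $gid, "sg$deviceNum") ||
      warn "Can't chown sg$deviceNum: $!";
    chmod (0660, "sg$deviceNum") ||
      warn "Can't chmod sg$deviceNum: $!";
  }
}
close (SCSIINFO);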

-- 
Lee Bradshaw                 lee@sectionIV.com (preferred)
Alantro Communications       lee@alantro.com
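
Added example, not part of the original message or of the cdparanoia distribution: a Python sketch of the remapping hazard discussed in the thread, showing which sg node a CD-ROM gets before and after a disk is added, and which earlier group grant would then point at a disk. The listings are constructed samples in the /proc/scsi/scsi layout, and the helper names and the "Nth entry is sgN" mapping (the same one the Perl script uses) are assumptions.

```python
import re

def listing(devices):
    """Build constructed /proc/scsi/scsi text from (scsi_id, type) pairs."""
    out = ["Attached devices:"]
    for scsi_id, dev_type in devices:
        out.append(f"Host: scsi0 Channel: 00 Id: {scsi_id:02d} Lun: 00")
        out.append("  Vendor: EXAMPLE  Model: SAMPLE           Rev: 0001")
        out.append(f"  Type:   {dev_type:<32} ANSI SCSI revision: 02")
    return "\n".join(out) + "\n"

def sg_types(text):
    """Device types in listing order. Index N is taken to be sgN, which is
    the same assumption the Perl script makes, not a kernel guarantee."""
    types = []
    for line in text.splitlines():
        if line.startswith("Host:"):
            types.append(None)  # new device; its Type: line follows
        m = re.match(r"\s*Type:\s*(.+?)\s+ANSI", line)
        if m and types:
            types[-1] = m.group(1)
    return types

def cdrom_nodes(text):
    """sg nodes that should be group cdrom, mode 0660, for this listing."""
    return [f"sg{n}" for n, t in enumerate(sg_types(text)) if t == "CD-ROM"]

def stale_grants(old_text, new_text):
    """Nodes opened to group cdrom under the old listing that no longer
    name a CD-ROM, mapped to what they name now (None if absent)."""
    new = sg_types(new_text)
    stale = {}
    for node in cdrom_nodes(old_text):
        n = int(node[2:])
        now = new[n] if n < len(new) else None
        if now != "CD-ROM":
            stale[node] = now
    return stale

# Constructed sample: a disk at Id 0 and a CD-ROM at Id 4, then the same
# bus after a second disk is added at Id 2.
BEFORE = listing([(0, "Direct-Access"), (4, "CD-ROM")])
AFTER = listing([(0, "Direct-Access"), (2, "Direct-Access"), (4, "CD-ROM")])

if __name__ == "__main__":
    print("before:", cdrom_nodes(BEFORE))
    print("after: ", cdrom_nodes(AFTER))
    print("stale: ", stale_grants(BEFORE, AFTER))
```

A non-empty result from stale_grants is the case where permissions left over from an earlier boot would give group cdrom write access to a disk, which is why the Perl script resets every sg node before granting anything.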

