Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.os.linux.security > #140

Re: sg (scsi) device permissions not effective

From Mike Scott <usenet.14@scottsonline.org.uk.invalid>
Newsgroups comp.os.linux.security
Subject Re: sg (scsi) device permissions not effective
Date 2012-08-13 10:13 +0100
Organization Scott family
Message-ID <k0agge$q2a$1@dont-email.me> (permalink)
References <k052g4$lkg$1@dont-email.me> <k063st$bs4$1@omega-3a.local> <k06cqh$aep$1@dont-email.me> <op.wiwpjycfa3w0dxdave@hodgins.homeip.net>

Show all headers | View raw

On 12/08/12 03:37, David W. Hodgins wrote:
> On Sat, 11 Aug 2012 15:46:24 -0400, Mike Scott
> <usenet.14@scottsonline.org.uk.invalid> wrote:
> 
>> But I've just created a 'test' account with no privileges at all; that
>> works fine as well. I ran the following while my own 'mike' account was
>> still logged in after getting the above:
>>
>> test@spock ~ $ getfacl /dev/sg2
>> getfacl: Removing leading '/' from absolute path names
>> # file: dev/sg2
>> # owner: root
>> # group: root
>> user::rw-
>> user:test:rw-            <<<< ????
>> group::---
>> group:scanner:rw-
>> mask::rw-
>> other::---
>> But how can my user 'test' - not in the scanner group - use the scanner?
>> And where could the acl entries like
>> user:test:rw-
>> have come from?
> 
> Most likely console-kit-daemon. See
> http://www.linuxfromscratch.org/blfs/view/cvs/postlfs/consolekit.html
> 
> Regards, Dave Hodgins
> 

Hmmm. That does seem to be installed (obviously a Mint default; I've not
touched this area at all. Looks as though the default setup provides a
minor security loophole. Not nice.) No documentation or config stuff
that I can find though.


(BTW I think you've replied again to my original post, although I think
the material's been covered in  this subthread already)


Thanks for the help advice.





-- 
Mike Scott (unet2 <at> [deletethis] scottsonline.org.uk)
Harlow Essex England

Back to comp.os.linux.security | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

sg (scsi) device permissions not effective Mike Scott <usenet.14@scottsonline.org.uk.invalid> - 2012-08-11 08:44 +0100
  Re: sg (scsi) device permissions not effective Robert Nichols <SEE_SIGNATURE@localhost.localdomain.invalid> - 2012-08-11 12:14 -0500
    Re: sg (scsi) device permissions not effective Mike Scott <usenet.14@scottsonline.org.uk.invalid> - 2012-08-11 20:46 +0100
      Re: sg (scsi) device permissions not effective "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2012-08-11 22:37 -0400
        Re: sg (scsi) device permissions not effective Mike Scott <usenet.14@scottsonline.org.uk.invalid> - 2012-08-13 10:13 +0100
  Re: sg (scsi) device permissions not effective "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2012-08-11 15:23 -0400

csiph-web