Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Revoke Kernel Access..
Top Forums UNIX for Dummies Questions & Answers Revoke Kernel Access.. Post 302130569 by blowtorch on Monday 6th of August 2007 09:43:57 PM
Old 08-06-2007
What do you mean by kernel access permission? By default, the kernel will run as root. And no one can access the kernel directly, but only through defined access points. Perhaps you could let us know exactly what your problem is.

Also, please let us know your OS and its version.
 

10 More Discussions You Might Find Interesting

1. Programming

Aplication user and kernel mode (data access)

Hi all, I am trying to setup a program to use a device driver and am confusing buffer access between User and Kernel mode. I think all applications running in User space have to communicate with the device drivers using io control calls and then have some functions called back from the driver... (1 Reply)
Discussion started by: Brendan Kennedy
1 Replies

2. HP-UX

How to restrict a user group to access the kernel

Hi, Please any one can help me to know that how we can restrict a user group to access the kernel at all. (0 Replies)
Discussion started by: harishankar
0 Replies

3. Programming

Access process memory from kernel space

Hi, I'm currently working on a project to help the analysis of malware from inside the kernel to avoid any kind of detection. So I need to be able to read the process memory from my kernel module. As of now, I'm stuck at converting a virtual memory address (for example 0x080483e8 found... (3 Replies)
Discussion started by: anonymoose
3 Replies

4. UNIX for Advanced & Expert Users

Can kernel process access user address space ?

Can kernel process access user address space ? (2 Replies)
Discussion started by: subhotech
2 Replies

5. UNIX for Dummies Questions & Answers

kernel giving access for multiple users to access files

hi all, i want to know y kernel is giving access for multiple users to access a file when one user may be the owner is executing that file. Because other user can manipulate that file when the other user is executing that file, it will give the unexpected result to owner . plz help me... (1 Reply)
Discussion started by: jimmyuk
1 Replies

6. Solaris

Which file is read by kernel to set its default system kernel parameters values?

Hi gurus Could anybody tell me which file is read by kernel to set its default system kernal parameters values in solaris. Here I am not taking about /etc/system file which is used to load kernal modules or to change any default system kernal parameter value Is it /dev/kmem file or something... (1 Reply)
Discussion started by: girish.batra
1 Replies

7. UNIX for Advanced & Expert Users

Precaution to access user mode buffers from kernel

When accessing a user mode buffers from kernel space drivers what precautions must we take and how those precautions need to be implemented? (0 Replies)
Discussion started by: rupeshkp728
0 Replies

8. Linux

Unload kernel module at boot time (Debian Wheezy 7.2, 3.2.0-4-686-pae kernel)

Hi everyone, I am trying to prevent the ehci_hcd kernel module to load at boot time. Here's what I've tried so far: 1) Add the following line to /etc/modprobe.d/blacklist.conf (as suggested here): 2) Blacklisted the module by adding the following string to 3) Tried to blacklist the module... (0 Replies)
Discussion started by: gacanepa
0 Replies

9. UNIX for Advanced & Expert Users

Sudoers - Revoke default policy

I would like to keep my /etc/sudoers file as distributed and only use a /etc/sudoers.d drop-in file instead. Everything is working fine except for permissions given to the wheel group in the distribution sudoers file: ## Allows people in group wheel to run all commands %wheel ALL=(ALL) ... (1 Reply)
Discussion started by: Chubler_XL
1 Replies

10. Forum Support Area for Unregistered Users & Account Problems

User banned, requesting to revoke the ban.

My username is abhilashnair. I was banned recently for deleting my post. I wish to apologise for disregarding forum rules. I request you to revoke my ban and give me one more chance if possible, i assure you that I will abide by all rules henceforth Since this is really informative forum and rich... (3 Replies)
Discussion started by: Unregistered
3 Replies

LEARN ABOUT HPUX

fchown

chown(2)							System Calls Manual							  chown(2)

NAME

       chown(), fchown(), lchown() - change owner and group of a file

SYNOPSIS

DESCRIPTION

       The system call changes the user and group ownership of a file.	path points to the path name of a file.  sets the owner ID and group ID of
       the file to the numeric values contained in owner and group respectively.  A value of or can be	specified  in  owner  or  group  to  leave
       unchanged the file's owner ID or group ID, respectively.  Note that owner and group should be less than (see limits(5)).

       The  group ownership of a file can be changed to any group in the current process's access list or to the real or effective group ID of the
       current process.  If privilege groups are supported and the user has the privilege, the file can be given to any group.

       If the path given to contains a symbolic link as the last element, this link is traversed and path name resolution continues.  changes  the
       owner and group of the symbolic link's target, rather than the owner and group of the link.

       The system call functions exactly like except that it operates on a file descriptor instead of a path name.  fildes is a file descriptor.

       The  system call sets the owner ID and group ID of the named file just as does, except in the case where the named file is a symbolic link.
       In this case, changes the owner and group of the symbolic link file itself.

   Access Control Lists - HFS File Systems Only
       A user can allow or deny specific individuals and groups access to a file by using the file's access control list (see acl(5)).	When using
       in  conjunction	with  HFS  ACLs,  if  the new owner and/or group does not have an optional ACL entry corresponding to and/or in the file's
       access control list, the file's access permission bits remain unchanged.  However, if the new owner and/or group is already  designated	by
       an  optional ACL entry of and/or %.group, sets the file's permission bits (and the three basic ACL entries) to the permissions contained in
       that entry.

   Access Control Lists - JFS File Systems Only
       A user can allow or deny specific individuals and groups access to a file by using the file's access  control  list  (see  aclv(5)).   When
       using in conjunction with JFS ACLs, if the new owner and/or group of a file have optional ACL entries corresponding to and/or in the file's
       access control list, those entries remain in the ACL but no longer have any effect, being superseded by the file's and/or entries.

   Security Restrictions
       Only processes with an effective user ID equal to the file owner or a user with the privilege can change the ownership of a file.  If priv-
       ilege  groups  are  supported, the owner of a file can change the ownership only as a member of a privilege group allowing as set up by the
       command (see setprivgrp(1M)).  All users get the privilege by default.

       When a process changes the ownership or group of a file, the file system may clear the set-user-ID and set-group-ID bits.

       See privileges(5) for more information about privileged access on systems that support fine-grained privileges.

RETURN VALUE

       and return the following values:

	      Successful completion.
	      Failure.
		     The owner and group of the file remain unchanged.	is set to indicate the error.

ERRORS

       If or fails, is set to one of the following values:

	      Search permission is denied on a component of the path prefix.

	      path	     points outside the allocated address space of the process.  The reliable detection of this  error	is  implementation
			     dependent.

	      Too many symbolic links were encountered in translating
			     path.

	      A component of path exceeds bytes while is in effect, or path exceeds bytes.

	      The file named by
			     path does not exist.

	      A component of the path prefix is not a directory.

	      Either	     owner or group is greater than or equal to or is an illegal negative value.

	      The effective user ID is not a user with
			     privilege and one or more of the following conditions exist:

			     o	The effective user ID does not match the owner of the file.

			     o	When changing the owner of the file, the owner of the file is not a member of a privilege group allowing the priv-
				ilege.

			     o	When changing the group of the file, the owner of the file is not a member of a privilege group allowing the priv-
				ilege and the group number is not in the current process's access list.

	      The named file resides on a read-only file system.

       If fails, is set to one of the following values:

	      fildes	     is not a valid file descriptor.

	      Either	     owner or group is greater than or equal to or is an illegal negative value.

	      The effective user ID is not a user
			     having privilege and one or more of the following conditions exist:

			     o	The effective user ID does not match the owner of the file.

			     o	When changing the owner of the file, the owner of the file is not a member of a privilege group allowing the priv-
				ilege.

			     o	When changing the group of the file, the owner of the file is not a member of a privilege group allowing the priv-
				ilege and the group number is not in the current process's access list.

	      The named file resides on a read-only file system.

AUTHOR

       was developed by AT&T.

       was developed by the University of California, Berkeley.

SEE ALSO

       chown(1), setprivgrp(1M), chmod(2), setacl(2), acl(5), aclv(5), limits(5), privileges(5).

STANDARDS CONFORMANCE

																	  chown(2)
All times are GMT -4. The time now is 08:44 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy