control access to a device
Post 302267257 by Pavel.Bures on Friday 12th of December 2008 03:23:44 AM

Hello everyone,
I am writing a program (Linux & Solaris) that will run as a non-root user, but the program must have rw access to a device /dev/ipmi (on Linux) or /dev/bmc (on Solaris).

What is the standard way of granting such access?
Linux:
chmod on /dev/ipmi ?
suid root my program?

Solaris:
RBAC?
chmod on /dev/bmc?
suid root my program?


I am searching for the proper Unix approach, so I don't create any security vulnerabilities or an awkward solution.

Thanks a lot!
--Pavel.
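
For the "suid root my program?" option in the post above, the usual way to limit the exposure is to open the device as the first action and then give up root for good. The following is an added example, not part of the original post; it assumes the binary is installed set-user-ID root, and `open_device_then_drop` is a hypothetical helper name.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (added example): open the device while the set-user-ID
 * privilege is still held, then give that privilege up permanently.
 * Returns an open fd or -1; either way the process is unprivileged afterwards. */
int open_device_then_drop(const char *path)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    struct stat st;

    /* The only privileged step. O_NOFOLLOW refuses a symlink at the path. */
    int fd = open(path, O_RDWR | O_NOFOLLOW);
    int err = errno;

    /* Group first, then user: once the uid is dropped, setgid() would fail. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        abort();            /* never continue with privilege still held */
    /* Verify the drop is permanent: regaining root must not work. */
    if (ruid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        abort();
    if (fd < 0) {
        errno = err;
        return -1;
    }
    /* Accept only a character device node, as /dev/ipmi and /dev/bmc are. */
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);
        errno = ENODEV;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/dev/ipmi"; /* path from the post */
    int fd = open_device_then_drop(path);
    if (fd < 0) { perror(path); return 1; }
    printf("%s open, uid=%d euid=%d\n", path, (int)getuid(), (int)geteuid());
    close(fd);
    return 0;
}
```

Everything after the call runs with the invoking user's IDs, so a bug in the rest of the program can reach only the already-open descriptor, not root.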
 

allocate(1)                                                        allocate(1)

NAME
       allocate - device allocation

SYNOPSIS
       allocate [-s] [-U uname] device
       allocate [-s] [-U uname] -g dev-type
       allocate [-s] [-U uname] -F device

DESCRIPTION
       The allocate utility manages the ownership of devices through its
       allocation mechanism. It ensures that each device is used by only one
       qualified user at a time.

       The device argument specifies the device to be manipulated. To preserve
       the integrity of the device's owner, the allocate operation is executed
       on all the device special files associated with that device.

       The argument dev-type is the device type to be operated on and can only
       be used with the -g option.

       The default allocate operation allocates the device special files
       associated with device to the uid of the current process.

       If the -F option is specified, the device cleaning program is executed
       when allocation is performed. This cleaning program is found in
       /etc/security/lib. The name of this program is found in the
       device_allocate(4) entry for the device in the dev-exec field.

       Only authorized users may allocate a device. The required
       authorizations are specified in device_allocate(4).

OPTIONS
       The following options are supported:

       -g dev-type    Allocates a non-allocated device with a device-type
                      matching dev-type.

       -s             Silent. Suppresses any diagnostic output.

       -F device      Reallocates the device allocated to another user. This
                      option is often used with -U to reallocate a specific
                      device to a specific user. Only a user with the
                      solaris.device.revoke authorization is permitted to use
                      this option.

       -U uname       Uses the user ID uname instead of the user ID of the
                      current process when performing the allocate operation.
                      Only a user with the solaris.device.revoke authorization
                      is permitted to use this option.

EXIT STATUS
       The following exit values are returned:

       non-zero       An error occurred.

FILES
       /etc/security/device_allocate
       /etc/security/device_maps
       /etc/security/dev/*
       /etc/security/lib/*

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWcsu                      |
       +-----------------------------+-----------------------------+

SEE ALSO
       deallocate(1), list_devices(1), bsmconv(1M), dminfo(1M), mkdevalloc(1M),
       mkdevmaps(1M), device_allocate(4), device_maps(4), attributes(5)

NOTES
       The functionality described in this man page is available only if the
       Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more
       information.

       /etc/security/dev, mkdevalloc(1M), and mkdevmaps(1M) might not be
       supported in a future release of the Solaris Operating Environment.

28 Mar 2005                                                        allocate(1)