12-12-2008
controll access to a device
Hello everyone,
I write a program (Linux & Solaris) that will run as non-root user, but the program must have rw access to a device /dev/ipmi (on linux) or /dev/bmc (on solaris).
What is the standard way of granting such access?
Linux:
chmod on /dev/ipmi ?
suid root my program?
Solaris:
RBAC?
chmod on /dev/bmc?
suid root my program?
I am searching for the proper unix approach, so I don't create any security vulnerabilities or awkward solution.
Thanks a lot!
--Pavel.
9 More Discussions You Might Find Interesting
1. Linux
Hi,
I was wondering if any of you guys know of way to make applications that use sound device on linux to access it in a "non-exclusive manner", the aim is to be able to use more than one application that requires the sound device.
Thanks (0 Replies)
Discussion started by: andryk
0 Replies
2. Linux
Hi,
we have running 8 box sles 9 cluster and on an nfs filesystem we have the problem which is grepped from /var/log/messages.
Jun 8 13:40:46 qnclpx02 kernel: attempt to access beyond end of device
Jun 8 13:40:46 qnclpx02 kernel: sdat: rw=0, want=8894615912, limit=314572800
Is there... (1 Reply)
Discussion started by: ortsvorsteher
1 Replies
3. Homework & Coursework Questions
Problem statement.
In this part of the assignment, delegates will create a pseudo-device and write a device driver for it. The pseudo-device provides a “backdoor” for gaining root access for a particular user. Instead of compiling the device driver into the kernel, delegate will create a module.... (1 Reply)
Discussion started by: nyjilgeorge1
1 Replies
4. OS X (Apple)
hi, i am on a quest to access and even mount if possible a drive on os x. there is no driver for the device, but it lists fine in the system profiler. can i access its location from the terminal? how? here is what i get on the system profiler:
Speed: Up to 480 Mb/sec
Manufacturer: SAMSUNG
... (3 Replies)
Discussion started by: sontarieh
3 Replies
5. UNIX for Advanced & Expert Users
I am trying to load into the kernel a system-call dynamically (without restarting the kernel and compailing it) in an attempt to (once in kernel mode) write to user process's memory.
(I know there is a way to do this with the ptrace interface but it is not an option.)
I know the only way to... (1 Reply)
Discussion started by: hopelessProgram
1 Replies
6. UNIX for Advanced & Expert Users
I backed up my 320GB hard drive to a file with dd:
dd if=/dev/sda of=dev_sda.17-Mar-2012 bs=1048576The main idea was to be able to be able to completely replace my hard drive from this backup if necessary, but I'd also like to be able to restore individual files. I realize I could use this dd... (20 Replies)
Discussion started by: Matt Miller
20 Replies
7. Cybersecurity
Equipment: DJI Phantom 3
I have the root and passwords access, but I cannot find out how to access the equipment.
There is a USB port going to a miniUSB that connects to the equipment, but on Windows is detecting the connection as being a Serial Port (COM3).
I need some help in order to gain... (5 Replies)
Discussion started by: nobr3ga
5 Replies
8. Ubuntu
I cannot access or boot from my C drive. I'm running Zorin 9 and the drive is a Samsung SSD. The disk was encrypted on install, and that has not given me any problems before.
When I start the system it gets to the memory test page, and does not then load the password prompt, which it used to.... (1 Reply)
Discussion started by: David4321
1 Replies
9. UNIX for Dummies Questions & Answers
How to provide a client exclusive access to the NTP device or NTP server.
Example:
1. Configured md5 authentication for a subnet added below restriction line to the subnet as below in ntp.conf file. Also configured the keys and md5 authentication working .
restrict 192.168.1.0 mask... (1 Reply)
Discussion started by: iqtan
1 Replies
MEM(4) Linux Programmer's Manual MEM(4)
NAME
mem, kmem, port - system memory, kernel memory and system ports
DESCRIPTION
/dev/mem is a character device file that is an image of the main memory of the computer. It may be used, for example, to examine (and even
patch) the system.
Byte addresses in /dev/mem are interpreted as physical memory addresses. References to nonexistent locations cause errors to be returned.
Examining and patching is likely to lead to unexpected results when read-only or write-only bits are present.
Since Linux 2.6.26, and depending on the architecture, the CONFIG_STRICT_DEVMEM kernel configuration option limits the areas which can be
accessed through this file. For example: on x86, RAM access is not allowed but accessing memory-mapped PCI regions is.
It is typically created by:
mknod -m 660 /dev/mem c 1 1
chown root:kmem /dev/mem
The file /dev/kmem is the same as /dev/mem, except that the kernel virtual memory rather than physical memory is accessed. Since Linux
2.6.26, this file is available only if the CONFIG_DEVKMEM kernel configuration option is enabled.
It is typically created by:
mknod -m 640 /dev/kmem c 1 2
chown root:kmem /dev/kmem
/dev/port is similar to /dev/mem, but the I/O ports are accessed.
It is typically created by:
mknod -m 660 /dev/port c 1 4
chown root:kmem /dev/port
FILES
/dev/mem
/dev/kmem
/dev/port
SEE ALSO
chown(1), mknod(1), ioperm(2)
COLOPHON
This page is part of release 4.15 of the Linux man-pages project. A description of the project, information about reporting bugs, and the
latest version of this page, can be found at https://www.kernel.org/doc/man-pages/.
Linux 2015-01-02 MEM(4)