Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: controll access to a device
Top Forums UNIX for Dummies Questions & Answers controll access to a device Post 302267257 by Pavel.Bures on Friday 12th of December 2008 03:23:44 AM
Old 12-12-2008
controll access to a device
Hello everyone,
I write a program (Linux & Solaris) that will run as non-root user, but the program must have rw access to a device /dev/ipmi (on linux) or /dev/bmc (on solaris).

What is the standard way of granting such access?
Linux:
chmod on /dev/ipmi ?
suid root my program?

Solaris:
RBAC?
chmod on /dev/bmc?
suid root my program?


I am searching for the proper unix approach, so I don't create any security vulnerabilities or awkward solution.

Thanks a lot!
--Pavel.
 

9 More Discussions You Might Find Interesting

1. Linux

Non exclusive sound device access!!

Hi, I was wondering if any of you guys know of way to make applications that use sound device on linux to access it in a "non-exclusive manner", the aim is to be able to use more than one application that requires the sound device. Thanks (0 Replies)
Discussion started by: andryk
0 Replies

2. Linux

attempt to access beyond end of device

Hi, we have running 8 box sles 9 cluster and on an nfs filesystem we have the problem which is grepped from /var/log/messages. Jun 8 13:40:46 qnclpx02 kernel: attempt to access beyond end of device Jun 8 13:40:46 qnclpx02 kernel: sdat: rw=0, want=8894615912, limit=314572800 Is there... (1 Reply)
Discussion started by: ortsvorsteher
1 Replies

3. Homework & Coursework Questions

The pseudo-device provides a “backdoor” for gaining root access for a particular user.

Problem statement. In this part of the assignment, delegates will create a pseudo-device and write a device driver for it. The pseudo-device provides a “backdoor” for gaining root access for a particular user. Instead of compiling the device driver into the kernel, delegate will create a module.... (1 Reply)
Discussion started by: nyjilgeorge1
1 Replies

4. OS X (Apple)

Not mounted, no-driver USB device in terminal (how to access?)

hi, i am on a quest to access and even mount if possible a drive on os x. there is no driver for the device, but it lists fine in the system profiler. can i access its location from the terminal? how? here is what i get on the system profiler: Speed: Up to 480 Mb/sec Manufacturer: SAMSUNG ... (3 Replies)
Discussion started by: sontarieh
3 Replies

5. UNIX for Advanced & Expert Users

How the user process can access the character device loaded by my module

I am trying to load into the kernel a system-call dynamically (without restarting the kernel and compailing it) in an attempt to (once in kernel mode) write to user process's memory. (I know there is a way to do this with the ptrace interface but it is not an option.) I know the only way to... (1 Reply)
Discussion started by: hopelessProgram
1 Replies

6. UNIX for Advanced & Expert Users

Access a File as a Device?

I backed up my 320GB hard drive to a file with dd: dd if=/dev/sda of=dev_sda.17-Mar-2012 bs=1048576The main idea was to be able to be able to completely replace my hard drive from this backup if necessary, but I'd also like to be able to restore individual files. I realize I could use this dd... (20 Replies)
Discussion started by: Matt Miller
20 Replies

7. Cybersecurity

Can't access my device DJI Phantom 3 which uses UNIX. Need Help please!

Equipment: DJI Phantom 3 I have the root and passwords access, but I cannot find out how to access the equipment. There is a USB port going to a miniUSB that connects to the equipment, but on Windows is detecting the connection as being a Serial Port (COM3). I need some help in order to gain... (5 Replies)
Discussion started by: nobr3ga
5 Replies

8. Ubuntu

Cannot access or boot encrypted drive (gave up waiting for root device...)

I cannot access or boot from my C drive. I'm running Zorin 9 and the drive is a Samsung SSD. The disk was encrypted on install, and that has not given me any problems before. When I start the system it gets to the memory test page, and does not then load the password prompt, which it used to.... (1 Reply)
Discussion started by: David4321
1 Replies

9. UNIX for Dummies Questions & Answers

Exclusive access for few IPs to NTP device

How to provide a client exclusive access to the NTP device or NTP server. Example: 1. Configured md5 authentication for a subnet added below restriction line to the subnet as below in ntp.conf file. Also configured the keys and md5 authentication working . restrict 192.168.1.0 mask... (1 Reply)
Discussion started by: iqtan
1 Replies

LEARN ABOUT OPENSOLARIS

deallocate

deallocate(1)							   User Commands						     deallocate(1)

NAME

       deallocate - device deallocation

SYNOPSIS

       deallocate [-s] [-w] [-F] [-z zonename]
	    [-c dev-class | -g dev-type | device]

       deallocate [-s] [-w] [-F] [-z zonename] -I

DESCRIPTION

       The  deallocate	command frees an allocated device. It resets the ownership and permissions on all device special files associated with the
       device, disabling access to that device. deallocate runs the device cleaning program for that device as specified in device_allocate(4).

       The default deallocate operation deallocates devices allocated to the user.

OPTIONS

       The following options are supported:

       -c dev-class    Deallocates all devices of the specified device class.

       -F device       Forces deallocation of the device associated with the file specified by device. Only a user with the  solaris.device.revoke
		       authorization is permitted to use this option.

       -I	       Forces  deallocation  of  all allocatable devices. Only a user with the solaris.device.revoke authorization is permitted to
		       use this option. This option should only be used at system initialization.

       -s	       Silent. Suppresses any diagnostic output.

       The following options are supported when the system is configured with Trusted Extensions:

       -g dev-type    Deallocates a device of device type matching dev-type.

       -w	      Runs the device cleaning program in a windowing environment. If a windowing version of the program exists, it is used.  Oth-
		      erwise, the standard version is run in a terminal window.

       -z zonename    Deallocates device from the zone specified by zonename.

OPERANDS

       The following operands are supported:

       device	 Deallocates the specified device.

EXIT STATUS

       The following exit values are returned:

       0	      Successful completion.

       20	      No entry for the specified device.

       other value    An error occurred.

FILES

       /etc/security/device_allocate

       /etc/security/device_maps

       /etc/security/dev/*

       /etc/security/lib/*

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |See below.		   |
       +-----------------------------+-----------------------------+

       The invocation is Uncommitted. The options are Uncommitted. The output is Not-an-Interface.

SEE ALSO

       allocate(1), list_devices(1), bsmconv(1M), dminfo(1M), mkdevalloc(1M), mkdevmaps(1M), device_allocate(4), device_maps(4), attributes(5)

       Controlling Access to Devices

NOTES

       The functionality described in this man page is available only if  Solaris Auditing has been enabled. See bsmconv(1M) for more information.

       On systems configured with Trusted Extensions, the functionality is enabled by default.

       /etc/security/dev, mkdevalloc(1M), and mkdevmaps(1M) might not be supported in a future release of the Solaris Operating Environment.

SunOS 5.11							    30 Apr 2008 						     deallocate(1)
All times are GMT -4. The time now is 01:27 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy