12-12-2008
Control access to a device
Hello everyone,
I am writing a program (Linux & Solaris) that will run as a non-root user, but the program must have rw access to a device: /dev/ipmi (on Linux) or /dev/bmc (on Solaris).
What is the standard way of granting such access?
Linux:
chmod on /dev/ipmi ?
suid root my program?
Solaris:
RBAC?
chmod on /dev/bmc?
suid root my program?
I am searching for the proper Unix approach, so I don't create any security vulnerabilities or an awkward solution.
Thanks a lot!
--Pavel.
deallocate(1) User Commands deallocate(1)
NAME
deallocate - device deallocation
SYNOPSIS
deallocate [-s] [-w] [-F] [-z zonename]
[-c dev-class | -g dev-type | device]
deallocate [-s] [-w] [-F] [-z zonename] -I
DESCRIPTION
The deallocate command frees an allocated device. It resets the ownership and permissions on all device special files associated with the
device, disabling access to that device. deallocate runs the device cleaning program for that device as specified in device_allocate(4).
The default deallocate operation deallocates devices allocated to the user.
OPTIONS
The following options are supported:
-c dev-class    Deallocates all devices of the specified device class.
-F device       Forces deallocation of the device associated with the file specified by device. Only a user with the solaris.device.revoke authorization is permitted to use this option.
-I              Forces deallocation of all allocatable devices. Only a user with the solaris.device.revoke authorization is permitted to use this option. This option should only be used at system initialization.
-s              Silent. Suppresses any diagnostic output.
The following options are supported when the system is configured with Trusted Extensions:
-g dev-type     Deallocates a device of device type matching dev-type.
-w              Runs the device cleaning program in a windowing environment. If a windowing version of the program exists, it is used. Otherwise, the standard version is run in a terminal window.
-z zonename     Deallocates device from the zone specified by zonename.
OPERANDS
The following operands are supported:
device Deallocates the specified device.
EXIT STATUS
The following exit values are returned:
0 Successful completion.
20 No entry for the specified device.
other value An error occurred.
FILES
/etc/security/device_allocate
/etc/security/device_maps
/etc/security/dev/*
/etc/security/lib/*
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
|Interface Stability |See below. |
+-----------------------------+-----------------------------+
The invocation is Uncommitted. The options are Uncommitted. The output is Not-an-Interface.
SEE ALSO
allocate(1), list_devices(1), bsmconv(1M), dminfo(1M), mkdevalloc(1M), mkdevmaps(1M), device_allocate(4), device_maps(4), attributes(5)
Controlling Access to Devices
NOTES
The functionality described in this man page is available only if Solaris Auditing has been enabled. See bsmconv(1M) for more information.
On systems configured with Trusted Extensions, the functionality is enabled by default.
/etc/security/dev, mkdevalloc(1M), and mkdevmaps(1M) might not be supported in a future release of the Solaris Operating Environment.
SunOS 5.11 30 Apr 2008 deallocate(1)