LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Fedora (https://www.linuxquestions.org/questions/fedora-35/)
-   -   can't permanently change /dev/loop* permissions (https://www.linuxquestions.org/questions/fedora-35/cant-permanently-change-dev-loop%2A-permissions-353783/)

RedCharlie 08-16-2005 08:40 AM

can't permanently change /dev/loop* permissions
 
I use the loopback device to play dvd movie iso's, and for non-root users to be able to do so, I need to make all the loop device files world readable. I do this with chmod a+r /dev/loop* and it works fine. After a reboot, however, I find that I have the same problem again. Something has gone behind me and changed the /dev/loop permissions back to 640 from 644. I even stuck a "chmod a+r /dev/loop*" into my rc.local, but something still goes and changes the permissions back to 640, and by examining the timestamps from "ls -ltc /dev/loop*" it seems that whatever is doing this can be acting 30 min or so after boot.

I've disabled SELinux, so I don't think that is the problem.

oneandoneis2 08-16-2005 09:26 AM

I suspect you're using udev, which creates /dev entries dynamically. Check your /etc/udev rules and amend as appropriate

satinet 08-16-2005 09:34 AM

not sure where your specific udev rules live. probably in /etc/udev

in there cd to rules.d and edit the rules file. You'll find a section for loop back devices and you will be able to change the default permissions.,,.......

oneandoneis2 08-16-2005 09:39 AM

Unless you're using an older version, in which case you'd need to look at permissions.d

RedCharlie 08-19-2005 11:25 AM

Thanx for the suggestions. I am new to Fedora and udev, I would not have known to look there.

But I am having limited luck trying to modify the permissions for my loopback devices.

I've tried adding the line
KERNEL=="loop7", MODE="0644"

to both /etc/udev/rules.d/50-udev.rules (yes, I know I'm supposed to stick it in another file...)
and into 10-local.rules (my own file) with no effect

part of the problem may be that
...# udevinfo -q path -n /dev/loop7
spat out "no such device until I actually used losetup to setup an iso, afterwich it found all the loopback devices (setup or not)
..# udevinfo -q path -n /dev/loop7
/block/loop7

My main trouble is that the ONLY thing that has any effect is changing the line
SUBSYSTEM=="block", GROUP="disk", MODE="0640"
to
SUBSYSTEM=="block", GROUP="disk", MODE="0644"
in /etc/udev/rules.d/50-udev.rules

but this changes ALL my block devs to 0644 (not an issue with me, but I don't know the full ramifications of that, at the very least it could make the swap partition world readable, which is security hole)

I've tried the following lines, both in 50-udev.rules and in 10-local.rules, then either run "udevstart" or just rebooted, but again, nothing seems to have ANY effect except modifying the line above.
SUBSYSTEM=="block", SYSFS{dev}=="7:7", GROUP="disk", MODE="0644"
KERNEL=="loop7", GROUP="disk", MODE="0644"

So, any suggestions would be greatly appreciated.
oh, yeah, once udevinfo found my loopbacks, this is sample output

# udevinfo -a -p /block/loop7
udevinfo starts with the device the node belongs to and then walks up the
device chain, to print for every device found, all possibly useful attributes
in the udev key format.
Only attributes within one device section may be used together in one rule,
to match the device for which the node will be created.

device '/sys/block/loop7' has major:minor 7:7
looking at class device '/sys/block/loop7':
SUBSYSTEM=="block"
SYSFS{dev}=="7:7"
SYSFS{range}=="1"
SYSFS{removable}=="0"
SYSFS{size}=="0"
SYSFS{stat}==" 0 0 0 0 0 0 0 0 0 0 0"

RedCharlie 11-10-2006 07:18 PM

fixed (well, I have some options now...)
 
I'm not sure that udev has much to do with it...
I'm running FC5 now, and looking thru /etc/udev/rules.d/50-default.rules
Code:

# skip rules for inappropriate block devices
KERNEL=="ram*|loop*|fd*|nbd*", GOTO="persistent_end"

and if I try looking for a loop device...
Code:

[root@k7som-5c rules.d]# udevinfo -q path -n /dev/loop7
no record for 'loop7' in database
[root@k7som-5c rules.d]# udevtest loop7
main: unable to open 'loop7'

But since I first struggled with this, I have discovered /etc/security/console.perms and
/etc/security/console.perm.d/50-default.perms
The latter contains rules which give ownership of various devices, especially removable media, to any user logged into the console(tty or X session)

I added this rule (to 50-default.perms) to give ownership of /dev/loop7 to the console user, and set the default (no user at console) to mode 0644:
Code:

<console>  0640 <loop>      0644 root.disk
and voila! /dev/loop7 was mode 0664 (no user at console, I'm logged in via VNC, doesn't count ;-)

Now all I need to do is figure out how to tell pam to scr8w the console user and just set the device to mode 0644 all the time...

an4linux 07-21-2010 06:03 AM

Rule to change loop permission
 
Quote:

Originally Posted by RedCharlie (Post 2498610)
I'm not sure that udev has much to do with it...
I'm running FC5 now, and looking thru /etc/udev/rules.d/50-default.rules
Code:

# skip rules for inappropriate block devices
KERNEL=="ram*|loop*|fd*|nbd*", GOTO="persistent_end"

and if I try looking for a loop device...

SUBSYSTEM=="block", KERNEL=="loop[0-9]", MODE="0666"

Will change loop mode accordingly

Thanks


All times are GMT -5. The time now is 03:22 AM.