LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 05-30-2015, 12:25 PM   #1
mdooligan
Member
 
Registered: Feb 2009
Location: Vancouver BC
Distribution: Mandrake10/ArchHackery/Gentoo
Posts: 179

Rep: Reputation: 22
Why do I have to be root to copy device nodes?


...Even if they belong to me?
Code:
sudo cp -av /dev/console .
works. Why not as normal user? Pipes are fine, it's character and block specials that are problematic.

(To explain a bit: I'm copying the guts of iso files into ordinary directories for analysis, so I don't have to mount them everytime I need to take a peek, and I run into this on every dev directory, and also some lib dirs that have char nodes 'null', and a few other odd places. So the copy operation has to be done as root even though everything is owned by me as regular user.)

This is not urgent or anything, just puzzling.
 
Old 05-30-2015, 01:08 PM   #2
fatmac
Senior Member
 
Registered: Sep 2011
Location: Upper Hale, Surrey/Hants Border, UK
Posts: 3,832

Rep: Reputation: Disabled
I guess if an ordinary user could delete your disk node you wouldn't be very happy.
There are certain things (& programs) that are the preserve of 'root' to prevent an 'unhappy' user from damaging your system.
 
Old 05-30-2015, 01:19 PM   #3
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 4,453

Rep: Reputation: 2037Reputation: 2037Reputation: 2037Reputation: 2037Reputation: 2037Reputation: 2037Reputation: 2037Reputation: 2037Reputation: 2037Reputation: 2037Reputation: 2037
Copying a device node requires creating a new one that happens to be the same as the source. Allowing a non-root user to create a device node would be a huge security hole since you could gain access to any device just by creating a device node that gave you the needed permissions. Even if the special case of copying a device node were allowed, that would still be a security issue since that node would give you permissions that the system could not later remove, such as happens with the various device nodes that are owned by the currently logged-in user.

Incidentally, that's why automatically mounted external devices always get the "nodev" option, among other restrictions.

Last edited by rknichols; 05-30-2015 at 01:22 PM.
 
1 members found this post helpful.
Old 05-30-2015, 07:49 PM   #4
jefro
Moderator
 
Registered: Mar 2008
Posts: 20,222

Rep: Reputation: 3196Reputation: 3196Reputation: 3196Reputation: 3196Reputation: 3196Reputation: 3196Reputation: 3196Reputation: 3196Reputation: 3196Reputation: 3196Reputation: 3196
I'd think the iso has permissions much like any mountable point. The file permissions are there from the build of the iso. You don't own that exactly.
 
Old 05-31-2015, 06:10 AM   #5
mdooligan
Member
 
Registered: Feb 2009
Location: Vancouver BC
Distribution: Mandrake10/ArchHackery/Gentoo
Posts: 179

Original Poster
Rep: Reputation: 22
Quote:
Originally Posted by jefro View Post
I'd think the iso has permissions much like any mountable point. The file permissions are there from the build of the iso. You don't own that exactly.
Yeah, they usually come with gibbled perms everywhere. "sudo chown -R me:me *" fixes that issue pretty quick.
 
Old 05-31-2015, 06:15 AM   #6
mdooligan
Member
 
Registered: Feb 2009
Location: Vancouver BC
Distribution: Mandrake10/ArchHackery/Gentoo
Posts: 179

Original Poster
Rep: Reputation: 22
Quote:
Originally Posted by rknichols View Post
Copying a device node requires creating a new one that happens to be the same as the source. Allowing a non-root user to create a device node would be a huge security hole since you could gain access to any device just by creating a device node that gave you the needed permissions. Even if the special case of copying a device node were allowed, that would still be a security issue since that node would give you permissions that the system could not later remove, such as happens with the various device nodes that are owned by the currently logged-in user.

Incidentally, that's why automatically mounted external devices always get the "nodev" option, among other restrictions.
That makes sense. I'm not a paranoid individual by nature, so I tend to keep my security somewhere between 'lax' and 'sloppy', kinda like "The key is under the mat."

That also explains why pipes are OK but char and block specials are not.

Thank you very much.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Event device nodes and Xorg CartmanYO Programming 1 11-14-2010 05:28 AM
device nodes linux_newbie79 Linux - Newbie 1 10-19-2009 03:24 AM
How do you detect device nodes with C? sebajo Programming 1 06-19-2007 12:42 PM
Combine two mouse device nodes into one? Harpune Linux - Laptop and Netbook 0 12-18-2004 02:24 PM
Device nodes zoomzoom Linux - General 0 08-18-2003 08:00 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 01:26 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration