Regarding SU:
My mistake, sorry. It actually does work but I was
doing it stupidly on a user account whose shell was
/bin/false.

Regarding /dev/ttySx:
1) is putting nut in the uucp group safe?
2) is changing the GROUP for ttyS in udev safe?

non-hardened udev rules:

# tty devices
KERNEL=="ttyS[0-9]*", NAME="tts/%n", SYMLINK+="%k", GROUP="tty"
KERNEL=="ttyUSB[0-9]*", NAME="tts/USB%n", GROUP="tty", MODE="0660"

hardened udev rules:

# tty devices
KERNEL=="ttyS[0-9]*", NAME="%k", SYMLINK="tts/%n", GROUP="uucp", MODE="0660"
KERNEL=="ttyUSB[0-9]*", NAME="%k", SYMLINK="tts/USB%n", GROUP="uucp", MODE="0660"

Of the two methods I suppose modifying the udev rules
is the safest because I could just redefine ttyS0
only.

Thank you.

--- gentoo-hardened-ml-01@××××××.org wrote:

> Changing the perms on /dev/ttyS0 manually will not
> persist between reboots.
> You should change the udev rules in
> /etc/udev/rules.d/ or add "nut" to the
> uucp group in /etc/group.
>
> As for why your su doesn't work, I am not sure.
> Works for me, my root user is
> in the wheel group and the user I su to exists.
>
> On Tuesday, May 8, 2007 07:55, Vieri wrote:
> > --- Vieri <rentorbuy@×××××.com> wrote:
> > > Hi,
> > >
> > > I've recently installed a gentoo box with the
> > > hardened profile + hardened-sources so I'm new
> > > to all this.
> > >
> > > I have two basic questions that I can't seem to
> > > answer.
> > >
> > > 1) SU:
> > > on the non-hardened gentoo box I'm used to, I can
> > > enter as root and then do a "su username" and a
> > > whoami shows that username. However, in the
> > > hardened box, issuing "su username" doesn't do
> > > anything and whoami is still root. I can't see any
> > > log messages related to this. Is this behavior
> > > normal?
> > >
> > > 2) TTY:
> > > on my non-hardened gentoo I emerged sys-power/nut
> > > which is a UPS monitoring tool and needs to access
> > > /dev/ttySx. The nut driver is supposed to run under
> > > the nut user/group which is also part of the tty
> > > group. In other words, the application has correct
> > > access to the device. However, in my hardened box
> > > after emerging without errors and verifying that
> > > the nut user was added to the tty group, the nut
> > > app fails when trying to access /dev/ttyS0 and
> > > reports "permission denied".
> > >
> > > I'm sure all this is due to my lack of experience
> > > but could someone please give me the big picture.
> >
> > May I add:
> >
> > non-hardened # ls -la /dev/ttyS0
> > lrwxrwxrwx 1 root root 5 Apr 27 12:39 /dev/ttyS0 -> tts/0
> >
> > hardened # ls -la /dev/ttyS0
> > crw-rw---- 1 root uucp 4, 64 May 8 00:19 /dev/ttyS0
> >
> > Do I just need to manually change permissions for this
> > device?
> >
> > > Thank you.
> > >
> > > Vieri

--
gentoo-hardened@g.o mailing list
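
Added example, not part of the original thread or of udev itself: a small model of how the hardened rules quoted above resolve GROUP and MODE per device, used to compare what the nut user can open under each of the two options discussed. The override rule, the sample device list and the simplifications (":=" treated like "=", a device with no explicit MODE treated as inaccessible, nut never the owner or root) are assumptions made for illustration.

```python
import fnmatch
import re

# Hardened rules as quoted in the thread (mail-wrapped lines joined).
HARDENED = '''
KERNEL=="ttyS[0-9]*", NAME="%k", SYMLINK="tts/%n", GROUP="uucp", MODE="0660"
KERNEL=="ttyUSB[0-9]*", NAME="%k", SYMLINK="tts/USB%n", GROUP="uucp", MODE="0660"
'''
# Hypothetical local override for one port only (not from the thread).
OVERRIDE = 'KERNEL=="ttyS0", GROUP="nut", MODE="0660"\n'
DEVICES = ["ttyS0", "ttyS1", "ttyUSB0"]  # constructed sample device list

PAIR = re.compile(r'(\w+)\s*(==|\+=|:=|=)\s*"([^"]*)"')

def resolve(rules, kernel):
    """Apply matching rules in order; a later GROUP/MODE replaces an earlier one."""
    result = {"GROUP": None, "MODE": None}
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pairs = PAIR.findall(line)
        patterns = [v for k, op, v in pairs if k == "KERNEL" and op == "=="]
        # KERNEL== uses shell-style globs, which fnmatch also implements.
        if not all(fnmatch.fnmatchcase(kernel, p) for p in patterns):
            continue
        for key, op, value in pairs:
            if key in result and op in ("=", ":="):  # simplification: := acts like =
                result[key] = value
    return result

def group_rw(rules, kernel, user_groups):
    """True if a non-root, non-owner user in user_groups gets read+write."""
    r = resolve(rules, kernel)
    if r["MODE"] is None:
        return False  # assumption: no explicit MODE means unknown, so deny
    mode = int(r["MODE"], 8)
    bits = (mode >> 3) & 0o7 if r["GROUP"] in user_groups else mode & 0o7
    return bits & 0o6 == 0o6

def reachable(rules, devices, user_groups):
    return sorted(d for d in devices if group_rw(rules, d, user_groups))

if __name__ == "__main__":
    print("nut in tty only    :", reachable(HARDENED, DEVICES, {"nut", "tty"}))
    print("nut added to uucp  :", reachable(HARDENED, DEVICES, {"nut", "uucp"}))
    print("ttyS0 override only:", reachable(HARDENED + OVERRIDE, DEVICES, {"nut", "tty"}))
```

On a real system the override only takes effect if its rules file is read after the distribution's tty rules.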