Bug 110197 - Make hard disk devices mode 0640?
Product: Fedora
Classification: Fedora
Component: udev
Hardware: All, OS: Linux
Priority: medium, Severity: medium
Assigned To: Harald Hoyer
Keywords: FutureFeature
Blocks: FC4Target
Reported: 2003-11-16 16:25 EST by Need Real Name
Modified: 2007-11-30 17:10 EST (History)
Fixed In Version: 3.9.2-1
Doc Type: Enhancement
Last Closed: 2004-12-21 01:17:48 EST
Description Need Real Name 2003-11-16 16:25:08 EST
Description of problem:
By default, hard disk device special files in /dev/ are created as
root:disk mode 0660 (writable by group "disk").

There doesn't appear to be anything actually using sgid disk AFAICT,
so group write access is not required.  Can we change it to read-only
by group "disk?"

This would be useful for e.g., putting userid "operator" into group
"disk" for performing dumps.  That id could then read from the disks,
but not write to them (providing a greater safety margin).

Note that /etc/dumpdates is already writable by group "disk" so the
operator userid would still be able to modify this file as intended.

Version-Release number of selected component (if applicable):
Comment 3 Nalin Dahyabhai 2004-08-31 11:44:57 EDT
Making this change for 3.9.2-1.
Comment 4 Nalin Dahyabhai 2004-09-14 11:28:01 EDT
Comment 5 Féliciano Matias 2004-10-03 13:03:39 EDT
This bug is not in FC3Blocker and it should be. It's a security issue
easy to fix:
- hd*:root:disk:660
+ hd*:root:disk:640
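Review bot: only the hd* pattern is tightened here, so any other entry that gives group disk mode 660 keeps group write. Apply 640 to every disk-group entry rather than hd* alone, or state why the others are excluded.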
Comment 6 Alan Cox 2004-10-04 07:32:29 EDT
I don't see that it's a security issue per se - we don't ship suid
disk apps. I agree with the change however.
Comment 7 Féliciano Matias 2004-10-04 07:47:54 EDT
> I don't see that it's a security issue

Check FC2, and /dev/hd* have rw access to group disk.
In fact, many other files have write access to group disk.
$ find /dev/ -group disk -perm -020 -print | wc
  16256   16256  237802

But MAKEDEV has changed between fc2 and fc3:
diff 00macros.fc2 00macros.fc3
< =STORAGE  660 root disk
> =STORAGE  640 root disk

So, it's a udev or MAKEDEV bug.
Comment 8 Féliciano Matias 2004-10-04 07:57:08 EDT
I am wrong in comment #c5.
According to MAKEDEV (from fc3) all devices with disk group should
have root:disk 640 permission. Not only /dev/hd*.
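
An audit for the condition discussed in this thread, as an added example that is not part of the original bug report or of udev/MAKEDEV: it lists device nodes owned by group "disk" that are still group-writable and the mode each would have with group write removed. Limiting the check to block devices, the function names, and the sample entries (including gid 6) are assumptions of this example.

```python
import grp
import os
import stat
import sys


def group_writable_disks(entries, disk_gid):
    """entries: iterable of (path, st_mode, st_gid) tuples.

    Returns (path, current_perms, proposed_perms) for every block device
    owned by disk_gid whose group-write bit is set.
    """
    findings = []
    for path, st_mode, st_gid in entries:
        if not stat.S_ISBLK(st_mode) or st_gid != disk_gid:
            continue
        perms = stat.S_IMODE(st_mode)
        if perms & stat.S_IWGRP:
            # Clear only the group-write bit, e.g. 0660 -> 0640.
            findings.append((path, perms, perms & ~stat.S_IWGRP))
    return findings


def scan(root):
    """Yield (path, st_mode, st_gid) for each non-directory under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue
            yield path, st.st_mode, st.st_gid


# Constructed sample entries (not taken from a real system).
SAMPLE = [
    ("/dev/hda", stat.S_IFBLK | 0o660, 6),    # group-writable disk
    ("/dev/hda1", stat.S_IFBLK | 0o640, 6),   # already read-only for group
    ("/dev/sda", stat.S_IFBLK | 0o660, 6),    # not matched by an hd* rule
    ("/dev/tty1", stat.S_IFCHR | 0o620, 5),   # character device, other group
    ("/dev/loop0", stat.S_IFBLK | 0o660, 0),  # block device, group root
]

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/dev"
    gid = grp.getgrnam("disk").gr_gid
    for path, cur, new in group_writable_disks(scan(root), gid):
        print(f"{path}: {cur:04o} -> {new:04o}")
```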
