Bug 145264 - /var/lock has wrong permissions
Product: Fedora
Classification: Fedora
Component: lockdev
All Linux
medium Severity medium
Assigned To: Karel Zak
Reported: 2005-01-16 01:28 EST by Jonathan Scott Duff
Modified: 2007-11-30 17:10 EST (History)
Doc Type: Bug Fix
Last Closed: 2005-09-08 06:34:31 EDT

Description Jonathan Scott Duff 2005-01-16 01:28:16 EST
Description of problem:

The /var/lock directory created by the lockdev RPM has permissions
that allow multiple users to attempt access to the same device.  

This is how I found the problem: 
1. Log in as user A, run minicom modem
2. Log in as user B on the same machine but on a different terminal,
run minicom modem
Any device will do, however.

Actual results:

Both user A and user B have access to the modem device in a
competitive sort of way.

Expected results:

User B should be denied access. minicom modem for user B should return
"operation not permitted"

Additional info:

I'm not quite sure of my diagnosis, but I do know that when I changed
the permissions of /var/lock to 1775 rather than 0775, the problem
went away.
Comment 1 Karel Zak 2005-02-18 09:05:05 EST
The directory /var/lock is writable for root and group 'lock'. Everyone who
can work with locks needs access to locks created by other processes and
users. You need to remove a foreign lock if the original process doesn't exist.

- process A creates a lock
- process A crashes and the lock file is still there
- process B detects that there is a lock, but the owner of the lock isn't running
- process B removes the old lock and creates a new one with its own PID

See: http://www.pathname.com/fhs/pub/fhs-2.3.html
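
The stale-lock takeover listed in comment 1, as an added example that is not part of the bug report or lockdev's own code. The `LCK..<device>` name and the ten-byte ASCII PID format follow the FHS document linked above; the function names are hypothetical and a temporary directory stands in for /var/lock.

```python
import os, stat, subprocess, sys, tempfile

def owner_alive(pid):
    """Signal 0 delivers nothing; it only reports whether the PID exists."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        pass  # process exists but belongs to another user
    return True

def acquire(lock_dir, device):
    """Return True if we now hold LCK..<device>, False if a live owner does."""
    path = os.path.join(lock_dir, "LCK.." + device)
    for _ in range(2):  # second pass runs only after a stale lock was removed
        try:
            # O_EXCL makes creation atomic: exactly one caller can win.
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
        except FileExistsError:
            try:
                with open(path) as f:
                    holder = int(f.read().split()[0])
            except (OSError, ValueError, IndexError):
                return False  # unreadable or malformed: treat as held
            if owner_alive(holder):
                return False
            # Needs write on lock_dir; a sticky dir also demands file/dir ownership.
            os.unlink(path)
            continue
        with os.fdopen(fd, "w") as f:
            f.write("%10d\n" % os.getpid())  # FHS: 10-byte ASCII PID + newline
        return True
    return False

def sticky(lock_dir):
    """True if lock_dir has the sticky bit (mode 1775 rather than 0775)."""
    return bool(os.stat(lock_dir).st_mode & stat.S_ISVTX)

def demo():  # constructed scenario: a stale lock left by a finished child
    child = subprocess.Popen([sys.executable, "-c", "pass"])
    child.wait()  # child.pid now names no running process
    with tempfile.TemporaryDirectory() as d:  # stand-in for /var/lock
        with open(os.path.join(d, "LCK..modem"), "w") as f:
            f.write("%10d\n" % child.pid)
        took_stale = acquire(d, "modem")   # stale lock replaced by ours
        second = acquire(d, "modem")       # our own live lock blocks this
        os.chmod(d, 0o1775)
        return took_stale, second, sticky(d)
```

With mode 1775 the `os.unlink` step fails for a non-root user who owns neither the stale file nor the directory, so the takeover in the last two list items only works for the lock's creator. The window between the liveness check and the unlink is not atomic, so two processes clearing the same stale lock can still collide.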
