Re: A requirement for the current user to own ttys

From: Egmont Koblinger <egmont gmail com>
To: Key Offecka <key offecka gmail com>
Cc: mc devel <mc-devel gnome org>
Subject: Re: A requirement for the current user to own ttys
Date: Sat, 11 Mar 2017 18:40:19 +0100

Hi,

The requirement here is that the second user (`ghost` in this example) is authorised to act on behalf of `echo`.

Nope. Via "sudo", the first user is allowed to execute certain commands on behalf of the second, not the other way around. During this, the second user doesn't have any access to the first user's resources (e.g. files under its home). As such, it's utterly irrelevant whether tty3 is owned by 'echo' (the first user) or not. It's not owned by 'ghost' (the second user), so no access.

If you wish to grant access to tty3 for 'ghost', this should be done by sudo or the pam framework or whatever, definitely not mc.

echo:/etc/init.d$ groups ghost
ghost : users root tty wheel

Seems your 'ghost' is a pretty power user. E.g. he can write to the tty devices, or even hijack the data that's being typed there. Definitely not something a regular user should have. Plus the root and wheel groups. As such, you might just as well put the vcsa devices in a group and chmod 660 and hence allow the ghost user to directly access them.

Question: does mc work in this case as it was designed?

It's a compromise due to the lack of alternate screen support. I'd say mc was designed to paint on the alternate screen, but due to lack thereof it needed to find a workaround.

behaviour I would expect: in the example above mc shouldn't stop after executing commands and should show previous command output.

mc is being executed as user 'ghost'. He has no direct access to the vcsa3 device, and the corresponding tty3 is owned by 'echo'. How do you think mc's cons.saver should figure out that it's safe to grant access?

I think to achieve the goals you mentioned above (to not allow others to see what they shouldn't see) another solution should be found. Do you agree?

Yup, like implementing alternate screen support in the Linux tty driver, or using a graphical emulator. I can't see how mc could solve this issue. If you can, let us know.

cheers,

egmont

Follow-Ups:
- Re: A requirement for the current user to own ttys
  - From: Konstantin I.

References:
- A requirement for the current user to own ttys
  - From: Key Offecka
- Re: A requirement for the current user to own ttys
  - From: Egmont Koblinger
- Re: A requirement for the current user to own ttys
  - From: Key Offecka
- Re: A requirement for the current user to own ttys
  - From: Egmont Koblinger
- Re: A requirement for the current user to own ttys
  - From: Key Offecka

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]