[arch-general] udev-139 and file permissions of /dev/net/tun
Thomas Bächler
thomas at archlinux.org
Tue Mar 10 16:06:03 EDT 2009
Attila wrote:
>> If the default group of some of these devices should be changed (looks
>> like tun should be in the network group by default), please file a bug
>> report
>
> Oh, I don't know if tun should have these permissions or if the file mask 666
> is needed by another application. Until udev-139 this was my way and that
> is the reason why I recognized it.

In /lib/udev/devices, I simply replicated the default udev rule from 139
(which says root:root, 0666).

The permissions of /dev/net/tun do not matter at all. If you access the
device, you will only be able to use those interfaces that you own.
Creating interfaces and setting the owner requires privileges.

For example, if you run

    tunctl -u attila -t tap0

the only users that can access the tap0 device are attila and root. The
kernel checks the permissions separately and independently of the
permissions of the special file.

> I'm only wondering that nothing from rules.d or permissions.d is used for
> creating this device. The loop devices, for example, have the same permissions as
> in /etc/udev/permissions.d/udev.permissions.

These devices are simply copied in rc.sysinit line 23:

    /bin/cp -a /lib/udev/devices/* /dev/

udev rules are not applied until the module is loaded and a uevent for
creating the device is issued, then udev reads the rule(s) and acts
accordingly.
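
An added example, not part of the original message: a shell function that lists TUN/TAP interfaces together with the owner and group the kernel compares against on attach, the per-interface check described above for tap0. It assumes a kernel whose tun driver exposes the tun_flags, owner and group attributes under /sys/class/net/<iface>/; the function name audit_tun and the verdict labels are made up for this example.

```shell
#!/bin/sh
# Added example. Lists TUN/TAP interfaces with the owner/group that the
# kernel compares against when a process attaches to the interface.
# Assumes the tun driver's sysfs attributes tun_flags, owner and group.

# audit_tun [dir]  -- dir defaults to /sys/class/net; a constructed tree
# with the same layout can be passed instead.
audit_tun() {
    net_dir=${1:-/sys/class/net}
    for dev in "$net_dir"/*; do
        # Only TUN/TAP interfaces have a tun_flags attribute.
        [ -r "$dev/tun_flags" ] || continue
        name=${dev##*/}
        flags=$(cat "$dev/tun_flags")
        owner=$(cat "$dev/owner")   # uid, or -1 if no owner is set
        group=$(cat "$dev/group")   # gid, or -1 if no group is set
        # IFF_TUN = 0x0001, IFF_TAP = 0x0002 (linux/if_tun.h)
        case $(( ${flags:-0} & 3 )) in
            1) kind=tun ;;
            2) kind=tap ;;
            *) kind=unknown ;;
        esac
        # With neither owner nor group set there is no per-interface
        # restriction, so access depends on who can open /dev/net/tun.
        if [ "$owner" = "-1" ] && [ "$group" = "-1" ]; then
            verdict=no-owner
        else
            verdict=owned
        fi
        printf '%s %s owner=%s group=%s %s\n' \
            "$name" "$kind" "$owner" "$group" "$verdict"
    done
}

# Report on the running system.
audit_tun
```

Interfaces reported as no-owner are the ones for which the mode of /dev/net/tun is the only access control, so they are worth reviewing on a host where that node is 0666.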