[ILUG] /dev/pts/* Permissions and devpts Mount Mode
Eoghan Cotter
eoghan.cotter at redbrick.dcu.ie
Thu Sep 30 08:29:17 IST 2010
Hi Ryan,
We've a similar problem where we don't want users able to use wall; we've
just denied access to it by setting permissions to 0750, basically
removing the default setuid on it.
Cheers
Eoghan
On Wed, Sep 29, 2010 at 11:32:45PM -0500, Ryan Frederick wrote:
> Hi all,
>
> I have a box that is used by around 20 or so students per term for an intro
> to Unix and/or Unix admin course. Starting this current term a number
> of students are `wall`ing everyone at a rather annoying rate during
> lectures, so I decided to disable group write access to PTYs.
>
> Since the /dev/pts file system is mounted with mode=620 per fstab (it's
> a CentOS box) I changed the mount options to mode=600, which after
> remount (or a restart in my case due to a kernel update) should give no
> group permissions to new PTYs spawned. /etc/mtab reports that /dev/pts
> is mounted with mode=600, but newly spawned PTYs (via SSH at least)
> still have group write permissions. Interestingly /proc/mounts doesn't
> report any extra options despite being mounted with gid=5 and mode=600
> as options. I'm unsure if this is a problem with ssh changing the
> permissions (the only way I've tried spawning a PTY) or whether the mode
> option is being ignored. I somewhat doubt it's the latter; I'm noticing
> the same problem on Debian Lenny as well, and /proc/mounts does
> explicitly state that /dev/pts is mounted with mode=600.
>
> Currently I've configured removal of PTY group write permissions through
> the global bashrc, but ideally I would not want to leave this up to the
> shell(s) to take care of on user login. Google hasn't been much help so
> far in determining what may be going on, so I'm hoping someone may have
> an answer and/or suggestion.
>
> Thanks a bunch.
>
> Ryan
> --
> Irish Linux Users' Group mailing list
> About this list : http://mail.linux.ie/mailman/listinfo/ilug
> Who we are : http://www.linux.ie/
> Where we are : http://www.linux.ie/map/
>
--
Eoghan Cotter
DCU Networking Society (Redbrick) Sys Admin
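
One way to separate the two possibilities raised in the quoted message (the mode= mount option being ignored, versus the program that sets up the login changing the PTY's mode afterwards), as an added example that is not part of the original thread. The function names and the sample mount lines are constructed for illustration; the script allocates a PTY itself, so no login program is involved.

```python
import os
import stat

# Constructed samples: one kernel reports the devpts options, one does not.
SAMPLE_WITH_MODE = "devpts /dev/pts devpts rw,gid=5,mode=600 0 0\n"
SAMPLE_NO_OPTS = "devpts /dev/pts devpts rw 0 0\n"

def devpts_mount_mode(mounts_text, mountpoint="/dev/pts"):
    """Return the devpts mode= option as an int, or None if it is not reported."""
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == mountpoint and fields[2] == "devpts":
            for opt in fields[3].split(","):
                key, _, value = opt.partition("=")
                if key == "mode" and value:
                    return int(value, 8)  # the mount option is written in octal
    return None

def group_writable(mode):
    """True if the group write bit (the one the thread wants cleared) is set."""
    return bool(mode & stat.S_IWGRP)

def fresh_pty_mode():
    """Allocate a PTY from this process and return the slave's permission bits."""
    master, slave = os.openpty()
    try:
        return stat.S_IMODE(os.fstat(slave).st_mode)
    finally:
        os.close(master)
        os.close(slave)

def diagnose(mount_mode, pty_mode):
    """Compare the reported mount mode with the mode of a freshly allocated PTY."""
    if mount_mode is None:
        return "mount mode not reported; fresh PTY mode is %04o" % pty_mode
    if pty_mode == mount_mode:
        return "kernel applies mode=%04o to new PTYs" % mount_mode
    return "fresh PTY is %04o but mount says %04o" % (pty_mode, mount_mode)

if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        mounted = devpts_mount_mode(fh.read())
    created = fresh_pty_mode()
    print(diagnose(mounted, created))
    print("group-writable:", group_writable(created))
```

If the fresh PTY matches the mount option while the tty of an SSH login does not, the mode is being changed after allocation rather than ignored by the mount.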