>Using gid 0 is not a horrible idea, but I think that using any uid or gid
>*except* 0 is a Bad Thing.
i agree.
>I'd prefer having a default mode of 000, to make it clear that you really
>have to make a decision about the permissions, and the kernel isn't going
>to do it for you.
i disagree. /dev/null should be always write and readable and /dev/zero
always readable.
the device driver should suggest a permission using this table :
first 3 bits (suid, sgid, t) always 0
all execute bits always 0
owner read 1 if driver supports read
owner write 1 if driver supports write
global read 0 default
1 read access will not give additional resources,
driver was designed to offer public read
(e.g. null zero random urandom)
global write 0 default
1 write access will not give additional resource
driver was designed to offer public write
(e.g. null random urandowm)
user read 0 default
1 if reading access will give resources, but not
compromisse system security
(audio, mouse and serial devices, but not disk
or /dev/kmem)
user write 0 default
1 if write access will give resources, but not
compromisse system security
(audio, mouse and serial devices, but not disk
or /dev/kmem)
summary : device drivers should give default permission.
give a permission for "group", if it makes sence to have a special group
on your system (e.g. "audio"), some privileged users in that group (e.g.
me) so they can access additional resources.
this does not make sence for things like hard disks or /dev/kmem :
access to devices could be used to gain root status (in case of the root
hard disk or the kmem this should be easy).
andreas