Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.2 9/18/84; site brl-tgr.ARPA Path: utzoo!watmath!clyde!bonnie!akgua!sdcsvax!dcdwest!ittvax!decvax!genrad!panda!talcott!harvard!seismo!brl-tgr!tgr!root%bostonu.csnet@csnet-relay.arpa From: BostonU SysMgr Newsgroups: net.unix-wizards Subject: Re: protect tape access Message-ID: <8241@brl-tgr.ARPA> Date: Mon, 11-Feb-85 16:28:53 EST Article-I.D.: brl-tgr.8241 Posted: Mon Feb 11 16:28:53 1985 Date-Received: Fri, 15-Feb-85 03:46:19 EST Sender: news@brl-tgr.ARPA Organization: Ballistic Research Lab Lines: 26 I started to put one in my system, tell me if you find one but my scheme went like this: create a psuedo-user 'free' (or some such) free owns the tape drive (owner/group) make a tapealloc command called something which is setuid. It chowns the tape drive and forks a sub-shell. When the subshell exits it returns it to 'free'. The reason for the subshell is that any attempt to log out (eg. hanging up a phone) will free up the tape drive again (you may have to play with signals in tapealloc but it is straightforward.) The major problem is: The subshell method could make a few things awkward but this is not an unusual constraint and a user could still 'hog' a tape drive although at least now a 'ls -l /dev/?mt*' lists who is using what. Also, you will have to chown some set of devices (eg, /dev/mt0, /dev/rmt0, /dev/mt8 etc on 4.2bsd) but this is still reasonable. -Barry Shein [oh yeah, make sure you do your setuids correctly before forking that (setuid'd) subshell.]