I have a box that is used by around 20 or students per term for an intro
to Unix and/or Unix admin course. Starting this current term a number
of students are `wall`ing everyone at a rather annoying rate during
lectures, so I decided to disable group write access to PTYs.
Since the /dev/pts file system is mounted with mode=620 per fstab (it's
a CentOS box) I changed the mount options to mode=600, which after
remount (or a restart in my case due to a kernel update) should give no
group permissions to new PTYs spawned. /etc/mtab reports that /dev/pts
is mounted with mode=600, but newly spawned PTYs (via SSH at least)
still have group write permissions. Interestingly /proc/mounts doesn't
report any extra options despite being mounted with gid=5 and mode=600
as options. I'm unsure if this is a problem with ssh changing the
permissions (the only way I've tried spawning a PTY) or whether the mode
option is being ignored. I somewhat doubt it's the latter; I'm noticing
the same problem on Debian Lenny as well, and /proc/mounts does
explicitly state that /dev/pts is mounted with mode=600.
Currently I've configured removal of PTY group write permissions through
the global bashrc, but ideally I would not want to leave this up to the
shell(s) to take care of on user login. Google hasn't been much help so
far in determining what may be going on, so I'm hoping someone may have
an answer and/or suggestion.
Thanks a bunch.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!