From owner-freebsd-stable@FreeBSD.ORG Tue Aug 17 03:47:58 2004 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 00FDC16A4CE for ; Tue, 17 Aug 2004 03:47:58 +0000 (GMT) Received: from titania.auscert.org.au (gw.auscert.org.au [203.5.112.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id 60E2643D2F for ; Tue, 17 Aug 2004 03:47:57 +0000 (GMT) (envelope-from freebsd-stable@auscert.org.au) Received: from app.auscert.org.au (app [10.0.1.192])i7H3ll6t018647 for ; Tue, 17 Aug 2004 13:47:47 +1000 (EST) Received: from app.auscert.org.au (localhost [127.0.0.1]) by app.auscert.org.au (8.12.10/8.12.10) with ESMTP id i7H3luiP037958 for ; Tue, 17 Aug 2004 13:47:56 +1000 (EST) Message-Id: <200408170347.i7H3luiP037958@app.auscert.org.au> To: freebsd-stable@freebsd.org From: freebsd-stable@auscert.org.au In-Reply-To: Your message of "Mon, 16 Aug 2004 20:33:34 MST." <200408170333.i7H3XYdn000986@mist.nodomain> Date: Tue, 17 Aug 2004 13:47:56 +1000 Subject: Re: console grabbing in X X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Aug 2004 03:47:58 -0000 > On Tue, 17 Aug 2004 12:42:42 +1000, Joel Hatton wrote: > >> > > I'm not sure what this option allows: > > > > # Allow ordinary users to take the console - this is useful for X. > > options UCONSOLE > > > > I have this configured in my kernel config, but I still can't run xconsole > > as a non-root user (program launches with "Couldn't open console" error). > > Am I misunderstanding something? > >> > > Wild guess: you need to chown/reprotect /dev/console. > > Do "man fbtab" for more information. > > Dan Strick Thanks, I should have searched first, my xconsole problem is a FAQ: 11.15. Why do I get ``Couldn't open console'' when I run xconsole? If you start X with startx, the permissions on /dev/console will not get changed, resulting in things like xterm -C and xconsole not working. This is because of the way console permissions are set by default. On a multi-user system, one does not necessarily want just any user to be able to write on the system console. For users who are logging directly onto a machine with a VTY, the fbtab(5) file exists to solve such problems. In a nutshell, make sure an uncommented line of the form /dev/ttyv0 0600 /dev/console is in /etc/fbtab (see fbtab(5)) and it will ensure that whomever logs in on /dev/ttyv0 will own the console. However, there's no mention of the UCONSOLE kernel option - does this mean that it is not needed, or does it have another function entirely? I'd like to know if so, so I can remove it from my config. cheers, -- Joel Hatton -- Security Analyst | Hotline: +61 7 3365 4417 AusCERT - Australia's national CERT | Fax: +61 7 3365 7031 The University of Queensland | WWW: www.auscert.org.au Qld 4072 Australia | Email: auscert@auscert.org.au