The permissions for /var/lock directory on my Gentoo 1.4 (pretty current) installation are set too tightly for some applications to work properly as non-root users. The permissions by default are 0770 root/uucp. This causes serial port accessing applications to fail, as most expect to note a serial port is in use in /var/lock.

It seems that devfs is smart enough to set the serial ports to permissions I can use them with as a non-root user upon console login. But since most serial port utilizing apps expect to have access to /var/lock, they get confused when they cannot secure a lockfile. Hence, they may refuse to open a serial port even when they otherwise can.

Yes, if set to 1777 (like Slackware 8.1 has it), /var/lock becomes a potential place for users to hide their files as another tmp file directory. But assigning users to group uucp is an odd solution too, and one I think actually is unsafe if you do use uucp.

The alternate solution: Make all serial-port utilizing applications setgid uucp. For some reason I keep thinking Slackware and others actually abandoned this approach for some reason.

Reproducible: Always

Steps to Reproduce:

1. Run an application (kde-base/kdepim's kandy, net-dialup/minicom, etc.) that expects to access a serial port as a non-root user from the console (or an X server started from the console). "ls -l /dev/tts/*" should show you have access to all serial ports on your computer.
2. The application may report it is unable to open the serial port. If it is smarter than that (like minicom is), it will tell you the lockfile cannot be secured. What the application is trying to do is write a /var/lock/LCK..# lockfile to tell other applications to leave the serial port alone. If a user is not root or in group uucp, they presently cannot do so.

Actual Results: Applications fail to access serial port, because they cannot make a lock file to secure said port.

Expected Results: Applications should have been able to write a lockfile to /var/lock to mark what they are using so other applications leave the serial port in use alone.

sys-apps/baselayout 1.8.5.8 installed. It is not known if any other applications that are not serial port related really want access to the /var/lock directory, but cannot secure it.
My opinion is that this is a choice up to the administrator. Default setup is secure, but if the admin wants to open it ....
Like I said ... it's up to the admin.
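The lockfile step described in the report, as an added example that is not code from the report or from any of the applications it names: a C routine that creates a `LCK..<device>` file atomically and reports a lock directory it may not write to separately from a port that is genuinely in use. The function names are hypothetical, and the lock content (the PID as 10-character ASCII plus a newline, the common UUCP/HDB convention) is an assumption the report does not state.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum lock_result { LOCK_OK, LOCK_BUSY, LOCK_NOPERM, LOCK_ERR };

/* Hypothetical helper: build "<dir>/LCK..<dev>", e.g. /var/lock/LCK..ttyS0 */
static int lock_path(char *buf, size_t n, const char *dir, const char *dev) {
    int len = snprintf(buf, n, "%s/LCK..%s", dir, dev);
    return (len > 0 && (size_t)len < n) ? 0 : -1;
}

/* Returns 1 only if the lock names a PID that no longer exists. */
static int lock_is_stale(const char *path) {
    char buf[16] = {0};
    int fd = open(path, O_RDONLY);
    if (fd < 0) return 0;
    ssize_t r = read(fd, buf, sizeof buf - 1);
    close(fd);
    long pid = (r > 0) ? strtol(buf, NULL, 10) : 0;
    return pid > 0 && kill((pid_t)pid, 0) == -1 && errno == ESRCH;
}

/* Hypothetical entry point: take the lock for one serial device. */
enum lock_result lock_port(const char *dir, const char *dev) {
    char path[256], pidbuf[16];
    if (lock_path(path, sizeof path, dir, dev) != 0) return LOCK_ERR;
    for (int attempt = 0; attempt < 2; attempt++) {
        /* O_EXCL makes creation atomic: exactly one process wins. */
        int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
        if (fd >= 0) {
            int n = snprintf(pidbuf, sizeof pidbuf, "%10d\n", (int)getpid());
            int ok = write(fd, pidbuf, (size_t)n) == n;
            close(fd);
            if (!ok) unlink(path);
            return ok ? LOCK_OK : LOCK_ERR;
        }
        /* Directory mode problem (the 0770 root/uucp case), not port state. */
        if (errno == EACCES || errno == EPERM) return LOCK_NOPERM;
        if (errno != EEXIST) return LOCK_ERR;
        if (!lock_is_stale(path) || unlink(path) != 0) return LOCK_BUSY;
    }
    return LOCK_BUSY;
}
```

A caller that gets `LOCK_NOPERM` can tell the user the lock directory is not writable instead of claiming the port is busy, which is the confusion the report describes.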