The permissions for /var/lock directory on my gentoo 1.4 (pretty current)
installation are set too tightly for some applications to work properly as
non-root users. The permissions by default are 0770 root/uucp.
This causes serial port accessing applications to fail, as most expect to
note a serial port is in use in /var/lock. It seems that devfs is smart enough
to set the serial ports to permissions I can use them with as a non-root user
upon console login. But since most serial port utilizing apps expect to have
access to /var/lock , they get confused when they cannot secure a lockfile.
Hence, they may refuse to open a serial port even when they otherwise can.
Yes, if set to 1777 (like Slackware 8.1 has it), /var/lock becomes a
potential place for users to hide their files as another tmp file directory.
But assigning users to group uucp is an odd solution too, and one I think
actually is unsafe if you do use uucp.
The alternate solution: Make all serial-port utilizing applications setgid
uucp. For some reason I keep thinking Slackware and others actually abandoned
this approach for some reason.
Steps to Reproduce:
1. Run an application (kde-base/kdepim's kandy, net-dialup/minicom, etc.) that
expects to access a serial port as a non-root users from the console (or an X
server started from the console). "ls -l /dev/tts/*" should show you have
access to all serial ports on your computer.
2. The application may report it is unable to open the serial port. If it is
smarter than that (like minicom is), it will tell you the lockfile cannot be
secured. What the application is trying to do is write a /var/lock/LCK..#
lockfile to tell other applications to leave the serial port alone. If a user
is not root or in group uucp, they presently cannot do so.
Applications fail to access serial port, because they cannot make a lock file to
secure said port.
Applications should have been able to write a lockfile to /var/lock to mark what
they are using so other applications leave the serial port in use alone.
sys-apps/baselayout 22.214.171.124 installed.
It is not known if any other applications that are not serial port related
really want access to the /var/lock directory, but cannot secure it.
My opinion is that this is a choice up to the administrator. Default setup
is secure, but if the admin wants to open it ....
Like I said ... its up to the admin.