From: Jeff Dike <jdike@addtoit.com>
To: Mike Mohr <akihana@gmail.com>
Cc: Rene Herman <rene.herman@home.nl>,
linux-kernel@vger.kernel.org, Guido Guenther <agx@sigxcpu.org>,
Bodo Eggert <7eggert@gmx.de>
Subject: Re: group ownership of tun devices -- nonfunctional?
Date: Wed, 22 Aug 2007 16:42:54 -0400 [thread overview]
Message-ID: <20070822204254.GA13410@c2.user-mode-linux.org> (raw)
In-Reply-To: <Pine.LNX.4.58.0708192333170.2426@be1.lrz>
> I can create devices that are owned by my user account (tunctl -u
> `whoami` -t tap0) and it works fine. However, if I use group
> permissions with -g it stops working. In all cases, if I pass -g
> <group>, the interface is created correctly but it is unusable as a
> non-root user.
I can't reproduce this - it seems to work fine on -rc3-mm1:
As root:
./tunctl -u user -g user -t tap1
ifconfig tap1 192.168.0.130 up
route add -host 192.168.0.131 dev tap1
chmod 666 /dev/net/tun
As a normal user:
./tunread # tunread source is below
As root again:
ping 192.168.0.131
tunread output:
0xffffffff 0xffffffff 0xffffffff 0xffffffff 0xffffffff 0xffffffff 0x0 0xffffffff 0xffffff9b 0x51 0xffffffb9 0xffffffd9 0x8 0x6 0x0 0x1 0x8 0x0 0x6 0x4 0x0 0x1 0x0 0xffffffff 0xffffff9b 0x51 0xffffffb9 0xffffffd9 0xffffffc0 0xffffffa8 0x0 0xffffff82
0x0 0x0 0x0 0x0 0x0 0x0 0xffffffc0 0xffffffa8 0x0 0xffffff83 0xffffffff 0xffffffff 0xffffffff 0xffffffff 0xffffffff 0xffffffff 0x0 0xffffffff 0xffffff9b 0x51 0xffffffb9 0xffffffd9 0x8 0x6 0x0 0x1 0x8 0x0 0x6 0x4 0x0 0x1 0x0 0xffffffff 0xffffff9b 0x51 0xffffffb9 0xffffffd9 0xffffffc0 0xffffffa8 0x0 0xffffff82
0x0 0x0 0x0 0x0 0x0 0x0 0xffffffc0 0xffffffa8 0x0 0xffffff83 0xffffffff 0xffffffff 0xffffffff 0xffffffff 0xffffffff 0xffffffff 0x0 0xffffffff 0xffffff9b 0x51 0xffffffb9 0xffffffd9 0x8 0x6 0x0 0x1 0x8 0x0 0x6 0x4 0x0 0x1 0x0 0xffffffff 0xffffff9b 0x51 0xffffffb9 0xffffffd9 0xffffffc0 0xffffffa8 0x0 0xffffff82
Jeff
--
Work email - jdike at linux dot intel dot com
#include <stdio.h>
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/ioctl.h>
#define __KERNEL__
#include <linux/socket.h>
#include <linux/if.h>
#include <linux/if_tun.h>
int main(int argc, char **argv)
{
char packet[1600];
struct ifreq ifr;
int fd, err, i, n;
if((fd = open("/dev/net/tun", O_RDWR)) < 0){
perror("Opening /dev/net/tun");
exit(1);
}
memset(&ifr, 0, sizeof(ifr));
/* Flags: IFF_TUN - TUN device (no Ethernet headers)
* IFF_TAP - TAP device
*
* IFF_NO_PI - Do not provide packet information
*/
ifr.ifr_flags = IFF_TUN;
strncpy(ifr.ifr_name, "tap1", IFNAMSIZ);
if((err = ioctl(fd, TUNSETIFF, (void *) &ifr)) < 0){
perror("TUNSETIFF");
exit(1);
}
while(1){
n = read(fd, packet, sizeof(packet));
if(n < 0){
perror("read");
exit(1);
}
else if(n == 0)
break;
for(i = 0; i < n; i++){
printf("0x%x ", packet[i]);
if((i % 32) == 31)
printf("\n");
}
}
}
next prev parent reply other threads:[~2007-08-22 20:43 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <8Tpwf-3Nb-1@gated-at.bofh.it>
2007-08-19 16:05 ` group ownership of tun devices -- nonfunctional? Bodo Eggert
2007-08-19 16:10 ` Rene Herman
2007-08-19 21:42 ` Bodo Eggert
2007-08-19 23:24 ` Rene Herman
2007-08-20 11:45 ` Bodo Eggert
2007-08-22 20:42 ` Jeff Dike [this message]
2007-08-23 7:13 ` Guido Guenther
2007-08-18 5:56 Mike Mohr
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070822204254.GA13410@c2.user-mode-linux.org \
--to=jdike@addtoit.com \
--cc=7eggert@gmx.de \
--cc=agx@sigxcpu.org \
--cc=akihana@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rene.herman@home.nl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox