From mboxrd@z Thu Jan 1 00:00:00 1970 From: Greg KH Date: Wed, 03 Mar 2004 18:41:29 +0000 Subject: Re: udev-021 rule based permissions (+patch) Message-Id: <20040303184129.GD27709@kroah.com> List-Id: References: <200403031634.43358.hyriand@thegraveyard.org> In-Reply-To: <200403031634.43358.hyriand@thegraveyard.org> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: linux-hotplug@vger.kernel.org On Wed, Mar 03, 2004 at 04:34:43PM +0100, Hyriand wrote: > On Wednesday 03 March 2004 16:10, you wrote: > > On Wed, Mar 03, 2004 at 03:15:45PM +0100, Hyriand wrote: > > > Dear Greg, > > > > > > First of all, thanks for your excellent work on udev (and related tools), > > > I really enjoyed giving devfs a big kick and wiping every trace of it > > > from my kernel. > > > > Thanks for your kind words. > > > > > But now for the direct cause of this e-mail, rule-based permissions. > > > Quite simple actually, it adds OWNER, GROUP and MODE fields to the device > > > rules, and applies those if no applicable rule is found in the > > > permissions table. I know this might be against conventions, but it adds > > > some flexibility since you can't change permissions based on a symlink > > > name. > > > > Hm, I don't understand. What is wrong with the current scheme of using > > the udev.permissions file for this? > > An over-simplified case would be a laptop that has a slot in which you can > insert a cd-recorder or a dvd-rom drive. If the cd-rw is inserted, the group > of the "hdc" device should be "cdrw" (well, depends on how you arrange > security of course), and if the dvd-rom drive is inserted, the group should > be something else. There's currently one way of achieving that, making the > device name change (cdrom or dvdrom), settings up permissions for that and > symlinking it to %k (for compatibility reasons), but I thought this was a > slightly cleaner way (configuration wise) of setting up different permissions > for a device without having to symlink it. > > Or in other words, "hdc" (or whatever other device file) might not always > refer to the same device, and should have different permissions accordingly. Then provide a different name for the device, which allows you to have different permissions. That's the simplest solution for this, correct? thanks, greg k-h ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id56&alloc_id438&op=click _______________________________________________ Linux-hotplug-devel mailing list http://linux-hotplug.sourceforge.net Linux-hotplug-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel