sticky permissions of block devices

sticky permissions of block devices

[Matthias Schwarzott]

Hi there!

Newer udev has an ugly behaviour regarding block devices.
Chown a blockdevice to some user and open it once.
udev will trigger a change event and reset the permissions back to root:disk.

The fastest solution I can propose is to restrict permission setting to 
ACTION="add", but is that a good choice?

The use-case I had was to allow a user to access /dev/sda for running qemu.

Regards
Matthias

Re: sticky permissions of block devices

[Kay Sievers]

On Sun, Nov 29, 2009 at 20:08, Matthias Schwarzott <zzam@gentoo.org> wrote:
> Newer udev has an ugly behaviour regarding block devices.
> Chown a blockdevice to some user and open it once.
> udev will trigger a change event and reset the permissions back to root:disk.
>
> The fastest solution I can propose is to restrict permission setting to
> ACTION="add", but is that a good choice?
>
> The use-case I had was to allow a user to access /dev/sda for running qemu.

I guess, such users should create a simple rule in /etc/udev/rules.d/
with the intended settings to apply the permissions. There are many
reasons for change events, and they can happen for any device at any
time, and we re-apply all settings with a change event, because the
device might have changed its settings, and needs a new policy
applied.

As a simple workaround ACLs can probably be used, and they should not
be removed with any later event, unless the primary ownership/mode is
not touched.

Kay