Re: Bug#286040: please allow permissions.d to follow symlinks

[Stefan Schweizer <sschweizer@gmail.com>]

[-- Attachment #1: Type: text/plain, Size: 2045 bytes --]

On Fri, 17 Dec 2004 08:45:48 -0800, Greg KH <greg@kroah.com> wrote:
> Actually I was considering just dropping the permissions.d file
> entirely, as I think we don't need it anymore.  But I have not had the
> time to determine if this is possible or not just yet.

This sounds cool, but it will also mean, that we have bigger rules, as
most of the rules will need a GROUP="" statement then.

> What about the fun interaction with pam that causes device nodes to
> "magically" assume other permissions.  Are you objecting to that too?
> 
That has nothing to do with udev, it only hided an udev bug for a while

If you look in your archives, you will see, that I first wanted to
make permissions.d follow symlinks as the proper way to handle it. As
I consider myself not a very good programmer and because someone
pointed out that I could use GROUP=, I made a workaround that has been
merged into udev now.
But I still think its abetter to make udev follow symlinks as that
will keep permissions in permissions.d and remove unnecessary grouping
code from symlink-scripts like cdsymlinks.sh.

> I have yet to see a patch that offers such an "improvement" in this
> thread.  If you ever create one, I would love to see it posted on the
> list for everyone to evaluate.  Until then, this argument is over.
> 
I attached a rolled-up patch against the latest udev release for your pleasure.
It was taken from http://bugs.gentoo.org/show_bug.cgi?id=73064
You can credit Gregorio Guidi <g.guidi <at> sns.it> for it, when you merge it.

> Um, I have no control over the debian udev rules files, I just mirror in
> the udev tree what the maintainer gives to me.
> 
I use gentoo, but why do we even have different rules.d files? Can we
not make as much as possible common in them? What are the differences
between the distributions?
With this system we have some rules missing in every distributions
rules file, because bugfixes and new features are commonly applied
only to one rules file.

Stefan Schweizer
Gentoo developer
http://dev.gentoo.org/~genstef

[-- Attachment #2: udev-match-symlink-perms.patch --]
[-- Type: application/octet-stream, Size: 1308 bytes --]

diff -uNr udev-049.orig/etc/udev/gentoo/udev.permissions udev-046/etc/udev/udev.permissions.gentoo
--- udev-049.orig/etc/udev/gentoo/udev.permissions	2004-11-18 20:39:15.000000000 +0100
+++ udev-049/etc/udev/gentoo/udev.permissions	2004-12-01 21:22:15.095677080 +0100
@@ -114,7 +114,6 @@
 raw/*:root:disk:660
 
 # disk devices
-hd*:root:disk:660
 sd*:root:disk:660
 dasd*:root:disk:660
 ataraid*:root:disk:660
diff -uNr udev-049.orig/namedev.c udev-046/namedev.c
--- udev-049.orig/namedev.c	2004-11-18 20:39:15.000000000 +0100
+++ udev-049/namedev.c	2004-12-01 21:18:42.945928744 +0100
@@ -695,7 +695,9 @@
 	struct sysfs_device *sysfs_device = NULL;
 	struct config_device *dev;
 	struct perm_device *perm;
+	char linkname[NAME_SIZE];
 	char *pos;
+	int len;
 
 	udev->mode = 0;
 	dbg("class_dev->name='%s'", class_dev->name);
@@ -794,6 +796,18 @@
 perms:
 	/* apply permissions from permissions file to empty fields */
 	perm = find_perm_entry(udev->name);
+	if (perm != NULL)
+		goto perms_found;
+
+	/* try to match the symlink name */
+	foreach_strpart(udev->symlink, " ", pos, len) {
+		strfieldcpymax(linkname, pos, len+1);
+		perm = find_perm_entry(linkname);
+		if (perm != NULL)
+			goto perms_found;
+	}
+
+perms_found:
 	if (perm != NULL) {
 		if (udev->mode == 0000)
 			udev->mode = perm->mode;