1 |
Hi there! |
2 |
|
3 |
As you all know up to now we have our very own rules file 50-udev.rules |
4 |
This is good for getting our specials - but bad from maintainance view. |
5 |
|
6 |
So here we are: |
7 |
In udev git-gtree suse and redhat rules are already merged. |
8 |
But they use a different permission / group system than we have, they have |
9 |
less groups and assign some desktop permissions via pam_console. |
10 |
|
11 |
I also got all of our rules files (except 50-udev.rules) merged with what the |
12 |
other distros use (already in git). |
13 |
|
14 |
Slackware has already started merging the rules with this "upstream" common |
15 |
rules, and they also are more near to our approach by using groups for |
16 |
audio/tape/cdrom/... |
17 |
But I have not yet seen their rules yet. So for now we are on our own. |
18 |
|
19 |
So before doing to much work we should get a sane concept. |
20 |
And for that concept we need: |
21 |
* A (maybe formal) definition what each group should be used for |
22 |
* what devices it contains (if not obvious) |
23 |
* if permissions should be read/read-write for the group |
24 |
* and nothing/read for world. |
25 |
|
26 |
The question arises as we use MODE=660 for most groups but upstream does 640 |
27 |
most of the time. |
28 |
|
29 |
|
30 |
This are the groups. |
31 |
1. audio |
32 |
All alsa and oss devices. |
33 |
Rules are not contained in upstream rules - they will in future be installed |
34 |
by media-libs/alsa-lib |
35 |
And upstream split of file for also also does not contain this group |
36 |
but sure it should keep MODE=660 / group audio |
37 |
(Or should we still support oss without having alsa installed) |
38 |
|
39 |
2. cdrom |
40 |
Used for all cdrom/cdwriter devices and for scsi also the associated sg |
41 |
device. |
42 |
MODE=660 |
43 |
Upstream has no such group - member of disk for them. |
44 |
|
45 |
3. cdrw |
46 |
Only used for pktcdvd with MODE=660 |
47 |
Should this be merged into group cdrom? |
48 |
|
49 |
4. disk |
50 |
Contains every device with SUBSYSTEM==block, with MODE=660 |
51 |
the raw-devices (still needed?) |
52 |
+ some devices needed for ata-over-ethernet (with modes 220 or 440) |
53 |
Upstream uses MODE=640 (Like old unix group for backup usage). |
54 |
|
55 |
5. floppy |
56 |
The fd* devices, MODE=660 |
57 |
Upstream uses MODE=640 |
58 |
|
59 |
6. lp |
60 |
Used for all *lp* and parport devices with MODE=660 |
61 |
Upstream uses it same way. |
62 |
|
63 |
7. tape |
64 |
Contains all tape devices with MODE=660. |
65 |
Upstream has no such group - member of disk group. |
66 |
|
67 |
8. tty |
68 |
Same usage as upstream (maybe only very slight changes) |
69 |
|
70 |
9. usb |
71 |
Devices for libusb (/dev/bus/usb/...) with MODE=664. |
72 |
+ legousbtower device |
73 |
Upstream has no such group but has libusb stuff root:root with MODE=644 |
74 |
|
75 |
If default world permission is reading then every package changing permissions |
76 |
here (like gphoto, iscan, sane) should also keep world-read I think! |
77 |
|
78 |
|
79 |
10. uucp |
80 |
serial devices, isdn and more for dialout usage MODE=660 |
81 |
Upstream uses it same way. |
82 |
|
83 |
11. video |
84 |
A lot of misc stuff: dri/card*, nvidia, 3dfx, framebuffer, ieee1394, v4l, dvb |
85 |
with MODE=660 |
86 |
Upstream has no such group - they keep group at root and grant access via pam. |
87 |
|
88 |
|
89 |
|
90 |
Groups we do not use yet: |
91 |
|
92 |
12. kmem |
93 |
Upstream uses it for /dev/mem /dev/kmem /dev/port with MODE=640 |
94 |
Should be ok to use - we have group=root, MODE=640 for now |
95 |
|
96 |
|
97 |
Matthias |
98 |
|
99 |
-- |
100 |
Matthias Schwarzott (zzam) |
101 |
-- |
102 |
gentoo-dev@g.o mailing list |