Date: Sat, 7 Jan 2006 19:37:49 +0100 From: Stefan =?iso-8859-1?Q?E=DFer?= <se@FreeBSD.org> To: Arne Woerner <arne_woerner@yahoo.com> Cc: freebsd-multimedia@freebsd.org Subject: Re: xsane as user Message-ID: <20060107183749.GA83273@StefanEsser.FreeBSD.org> In-Reply-To: <20060107163643.12201.qmail@web30310.mail.mud.yahoo.com> References: <20060107161111.GA42739@StefanEsser.FreeBSD.org> <20060107163643.12201.qmail@web30310.mail.mud.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2006-01-07 08:36 -0800, Arne Woerner <arne_woerner@yahoo.com> wrote: > --- Stefan Eßer <se@FreeBSD.org> wrote: > > > % cat /etc/devfs.conf > > > perm uscanner0 0664 > > > > Hmmm, why 0664? > > > Oh... I put myself into the operator group... Yes, that's what I propose, too. Then 0660 is sufficient. > I saw that too late... I hope my example still clear enough... It > should have been 0666 there too. That allows any user (i.e. any process on the system) to access the scanner and thus documents on it. Depends on the confidentiality of those documents whether that's acceptable ;-) > > Interesting idea to apply devfs rules from > > devd ... > > > I did not know, what devfs is good for, so I put it into devd so > that it makes sense in my setting (when I unplugged the scanner > the devfs settings were lost after I re-plugged the scanner). > > > attach 100 { > > device-name "uscanner[0-9]+"; > > action "chmod 660 /dev/$device-name"; > > }; > > > This creates uncontrolled redundancy, because then I have the > perms set in devfs.conf and in devd.conf... Correct. These two files serve different purposes, but there has been some discussion about this topic recently. As of now, devfs.conf is used to specify the initial state of the device nodes created in /dev. When there was a /dev on the root file system, ownership and permissions were persistent, and you could have alias names for devices by creating symbolic links in /dev. To reconstruct a sane initial state (if the compiled in default permissions are in the kernel are not considered appropriate), the commands in devfs.conf are executed when going multi-user (via /etc/rc.d/devfs). > I haven't understood the devfs/devd idea completely... :-) The devd process waits for changes in the device setup (e.g. when a removable device is attached or detached) and executes the commands specific to that device in devd.conf. If the scanner is connected to a running system, there will be a new uscanner device node (e.g. /dev/uscanner0), and devd can not only set the permissions but could execute any arbitrary command with sensible parameters (e.g. the device name can be passed). Executing /etc/rc.d/devfs from within devd is possible, but may have side effects (the initial settings are applied to all devices, though some may have been modified in between and should not beb reset). Besides, running this startup script is more effort than just calling chmod with the device node as a parameter. For that reason, the devd.conf line I sent in my previous mail does just what's needed (adjusts the permissions) without the danger of side effects on other devices and I'd suggest to switch over to using it ;-) Regards, STefan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060107183749.GA83273>