[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

devfsd permissions and makedev permissions coordination

Hi there. I'm the current Debian devfsd maintainer. As you may or may not
know, the current devfsd package parses the /sbin/MAKEDEV script in its build
procedure to generate a standard list of permissions for devices (one of the
main functions of devfsd is to control the permissions of the automatically
generated devices in /dev).

Anyway, this is somewhat inconvenient; it produces a large file and requires
a couple of hacks to the current devfsd (since the old device filenames and
the new "devfs" names are different, I needed to add symlink following code),
although I've emailed the upstream maintainer about integrating these hacks.

So, I think a better way to proceed would be to unify the device permissions
between makedev and devfsd, probably by creating a new part of debian-policy
on the ownership and mode of devices in the system. I'm not really sure what
would be practical here; ideally the devfs-based system and the
non-devfs-based system would act identically.

However, devfs gives the sysadmin and the packagers a lot more power over
permissions. For example, we can set the group specifically for ide-cd
devices to cdrom for example (since the "real" filename is .../cd, not just
/dev/hdc or something).

The policy needn't be too specific; I think statements like "hard disks
should be owned root.disk, mode 0660" are specific enough. Here's a rough
draft list based on the devices in my system and the first few lines of

Hard disks, disk partitions, ramdisks		root.disk 0660
CD-ROM devices					root.cdrom 0660
Floppy devices					root.floppy 0660
Tape devices					root.tape 0660
Terminal devices [1]				root.tty 0666
/dev/console					root.tty 0622
Sound devices					root.audio 0660
V4L devices[2], /dev/3dfx, /dev/agpgart		root.video 0660
lp (parallel line printer) devices		root.lp 0660
/dev/kmem, /dev/mem, /dev/port			root.kmem 0640
Special devices (/dev/zero, /dev/null, /dev/full)	root.root 0666
Various sockets and pipes (/dev/log etc.)	root.root 0666
/dev/psaux					root.root 0660
/dev/urandom, /dev/random			root.root 0444

OBviously this list is nothing like complete; I'd appreciate some help
completing it, then I will make a policy draft for it.

[1] Virtual consoles (ttyxx), pseudo-ttys, serial devices
[2] Curiously includes radio-receiver devices (group video not audio)

[forgive me (but please say so) if this belongs on debian-policy; I'm a bit
ignorant about the exact function of that list and don't read it myself]

Tom Lees <tal26@cam.ac.uk> <tom@debian.org> <Tom.Lees@bigfoot.com>

To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: