
devfsd permissions and makedev permissions coordination



Hi there. I'm the current Debian devfsd maintainer. As you may or may not
know, the current devfsd package parses the /sbin/MAKEDEV script in its build
procedure to generate a standard list of permissions for devices (one of the
main functions of devfsd is to control the permissions of the automatically
generated devices in /dev).

Anyway, this is somewhat inconvenient; it produces a large file and requires
a couple of hacks to the current devfsd (since the old device filenames and
the new "devfs" names are different, I needed to add symlink following code),
although I've emailed the upstream maintainer about integrating these hacks.

So, I think a better way to proceed would be to unify the device permissions
between makedev and devfsd, probably by creating a new part of debian-policy
on the ownership and mode of devices in the system. I'm not really sure what
would be practical here; ideally the devfs-based system and the
non-devfs-based system would act identically.

However, devfs gives the sysadmin and the packagers a lot more power over
permissions. For example, we can set the group specifically for ide-cd
devices to cdrom for example (since the "real" filename is .../cd, not just
/dev/hdc or something).

The policy needn't be too specific; I think statements like "hard disks
should be owned root.disk, mode 0660" are specific enough. Here's a rough
draft list based on the devices in my system and the first few lines of
/sbin/MAKEDEV:

Hard disks, disk partitions, ramdisks		root.disk 0660
CD-ROM devices					root.cdrom 0660
Floppy devices					root.floppy 0660
Tape devices					root.tape 0660
Terminal devices [1]				root.tty 0666
/dev/console					root.tty 0622
Sound devices					root.audio 0660
V4L devices[2], /dev/3dfx, /dev/agpgart		root.video 0660
lp (parallel line printer) devices		root.lp 0660
/dev/kmem, /dev/mem, /dev/port			root.kmem 0640
Special devices (/dev/zero, /dev/null, /dev/full)	root.root 0666
Various sockets and pipes (/dev/log etc.)	root.root 0666
/dev/psaux					root.root 0660
/dev/urandom, /dev/random			root.root 0444

Obviously this list is nothing like complete; I'd appreciate some help
completing it, then I will make a policy draft for it.

[1] Virtual consoles (ttyxx), pseudo-ttys, serial devices
[2] Curiously includes radio-receiver devices (group video not audio)

[forgive me (but please say so) if this belongs on debian-policy; I'm a bit
ignorant about the exact function of that list and don't read it myself]

-- 
Tom Lees <tal26@cam.ac.uk> <tom@debian.org> <Tom.Lees@bigfoot.com>
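
Added example, not part of the original message and not devfsd or makedev code: a small checker that compares device nodes against a subset of the draft rows above and reports nodes whose group differs or whose mode grants more than the draft allows. The glob patterns, the function names and the sample entries are assumptions made for illustration.

```python
import fnmatch

# Rows from the draft list in the message: (globs, group, mode); owner is
# always root. The glob patterns are assumptions, since the message names
# device classes rather than filename patterns. First matching row wins.
POLICY = [
    (("/dev/console",), "tty", 0o622),
    (("/dev/*/cd",), "cdrom", 0o660),          # devfs-style ide-cd node
    (("/dev/hd[a-z]*",), "disk", 0o660),
    (("/dev/kmem", "/dev/mem", "/dev/port"), "kmem", 0o640),
    (("/dev/zero", "/dev/null", "/dev/full"), "root", 0o666),
    (("/dev/urandom", "/dev/random"), "root", 0o444),
]

def lookup(path):
    """Return (group, mode) from the first matching row, or None."""
    for globs, group, mode in POLICY:
        if any(fnmatch.fnmatchcase(path, g) for g in globs):
            return group, mode
    return None

def audit(entries):
    """entries: iterable of (path, owner, group, mode); returns findings."""
    findings = []
    for path, owner, group, mode in entries:
        rule = lookup(path)
        if rule is None:
            findings.append((path, "no policy row"))
            continue
        want_group, want_mode = rule
        if (owner, group) != ("root", want_group):
            findings.append((path, f"owner {owner}.{group}, want root.{want_group}"))
        extra = mode & ~want_mode & 0o777      # bits granted beyond the draft
        if extra:
            findings.append((path, f"mode {mode:04o} grants {extra:04o} beyond {want_mode:04o}"))
        elif mode & 0o777 != want_mode:
            findings.append((path, f"mode {mode:04o} is stricter than {want_mode:04o}"))
    return findings

# Constructed sample entries (not read from a real system).
SAMPLE = [
    ("/dev/hda1", "root", "disk", 0o660),
    ("/dev/ide/host0/bus0/target0/lun0/cd", "root", "disk", 0o660),
    ("/dev/kmem", "root", "kmem", 0o666),
    ("/dev/console", "root", "tty", 0o622),
    ("/dev/example0", "root", "root", 0o600),
]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To run it against a live system, build the entries from os.lstat() on each node with the uid and gid resolved through the pwd and grp modules.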

