Hi there!
As you all know up to now we have our very own rules file 50-udev.rules.
This is good for getting our specials - but bad from maintenance view.

So here we are:
In udev git-tree suse and redhat rules are already merged.
But they use a different permission / group system than we have, they have
less groups and assign some desktop permissions via pam_console.

I also got all of our rules files (except 50-udev.rules) merged with what the
other distros use (already in git).

Slackware has already started merging the rules with this "upstream" common
rules, and they also are more near to our approach by using groups for
audio/tape/cdrom/...
But I have not seen their rules yet. So for now we are on our own.

So before doing too much work we should get a sane concept.
And for that concept we need:
* A (maybe formal) definition what each group should be used for
* what devices it contains (if not obvious)
* if permissions should be read/read-write for the group
* and nothing/read for world.

The question arises as we use MODE=660 for most groups but upstream does 640
most of the time.

These are the groups.

1. audio
All alsa and oss devices.
Rules are not contained in upstream rules - they will in future be installed
by media-libs/alsa-lib
And upstream split-off file for alsa also does not contain this group
but sure it should keep MODE=660 / group audio
(Or should we still support oss without having alsa installed)

2. cdrom
Used for all cdrom/cdwriter devices and for scsi also the associated sg
device.
MODE=660
Upstream has no such group - member of disk for them.

3. cdrw
Only used for pktcdvd with MODE=660
Should this be merged into group cdrom?

4. disk
Contains every device with SUBSYSTEM==block, with MODE=660
the raw-devices (still needed?)
+ some devices needed for ata-over-ethernet (with modes 220 or 440)
Upstream uses MODE=640 (Like old unix group for backup usage).

5. floppy
The fd* devices, MODE=660
Upstream uses MODE=640

6. lp
Used for all *lp* and parport devices with MODE=660
Upstream uses it same way.

7. tape
Contains all tape devices with MODE=660.
Upstream has no such group - member of disk group.

8. tty
Same usage as upstream (maybe only very slight changes)

9. usb
Devices for libusb (/dev/bus/usb/...) with MODE=664.
+ legousbtower device
Upstream has no such group but has libusb stuff root:root with MODE=644
If default world permission is reading then every package changing permissions
here (like gphoto, iscan, sane) should also keep world-read I think!

10. uucp
serial devices, isdn and more for dialout usage MODE=660
Upstream uses it same way.

11. video
A lot of misc stuff: dri/card*, nvidia, 3dfx, framebuffer, ieee1394, v4l, dvb
with MODE=660
Upstream has no such group - they keep group at root and grant access via pam.

Groups we do not use yet:

12. kmem
Upstream uses it for /dev/mem /dev/kmem /dev/port with MODE=640
Should be ok to use - we have group=root, MODE=640 for now

Matthias
--
Matthias Schwarzott (zzam)
--
gentoo-dev@gentoo.org mailing list
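
Added example, not part of the original e-mail and not taken from the Gentoo or upstream udev rule sets: a small audit that parses rules in udev syntax and reports which access bits each local group grants beyond the upstream mode the e-mail gives for it. The sample rules, the UPSTREAM table layout and the function names are assumptions made for illustration; cdrom and tape are compared against upstream group disk with MODE=640, as the e-mail describes.

```python
import re

# Constructed sample rules (not the real 50-udev.rules); groups and modes follow the e-mail.
SAMPLE_RULES = '''
KERNEL=="fd[0-9]*", GROUP="floppy", MODE="0660"
SUBSYSTEM=="block", GROUP="disk", MODE="0660"
KERNEL=="sr[0-9]*", GROUP="cdrom", MODE="0660"
SUBSYSTEM=="usb_device", GROUP="usb", MODE="0664"
KERNEL=="lp[0-9]*", GROUP="lp", MODE="0660"
KERNEL=="fb[0-9]*", GROUP="video", MODE="0660"
'''

# Upstream (group, mode) per local group, as the e-mail describes it.
# video and audio are left out: the e-mail gives no upstream mode for them.
UPSTREAM = {
    "disk": ("disk", 0o640), "floppy": ("floppy", 0o640),
    "cdrom": ("disk", 0o640), "tape": ("disk", 0o640),
    "lp": ("lp", 0o660), "uucp": ("uucp", 0o660),
    "usb": ("root", 0o644),
}

BITS = [(0o040, "group read"), (0o020, "group write"),
        (0o004, "world read"), (0o002, "world write")]

# key, operator, quoted value; "==" and "!=" are matches, the rest assign.
PAIR = re.compile(r'([A-Z_]+(?:\{[^}]*\})?)\s*(==|!=|\+=|:=|=)\s*"([^"]*)"')

def parse_rule(line):
    """Return the assignment keys (GROUP, MODE, ...) of one udev rule."""
    return {k: v for k, op, v in PAIR.findall(line) if op not in ("==", "!=")}

def audit(text):
    """Map each local group to the access bits it grants beyond upstream."""
    report = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        assigns = parse_rule(line)
        group = assigns.get("GROUP")
        if "MODE" not in assigns or group not in UPSTREAM:
            continue  # no upstream mode to compare against
        extra = int(assigns["MODE"], 8) & ~UPSTREAM[group][1]
        report[group] = [name for bit, name in BITS if extra & bit]
    return report

if __name__ == "__main__":
    for group, extra in audit(SAMPLE_RULES).items():
        print(f"{group:8} upstream group {UPSTREAM[group][0]:8} extra: {extra or 'none'}")
```

For every group that differs in the sample, the only extra bit is group write, which is the whole of the 660 versus 640 question raised above.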