On Sun, Sep 30, 2012 at 11:10:36PM +0200, Tom Gundersen wrote: > Do I understand correctly that you simply want to disable systemd > setting ACL's on your device nodes? That is indeed my main concern. In particular, audio devices should be available to whoever is a member of the 'audio' group, and USB devices to the 'storage' group if that applies, or to some other group if they are anything else (e.g. musical keyboards, MIDI controllers etc.). All of this should be absolutely independent of who's logged in and how. > > I'd want things to be configured that way 'once and for all', meaning that > > a) I'm not really looking forward to having to do this for each and every > > device or command, and b) that a routine system update (a frequent enough > > event on an Arch system) must not be able to modify this policy. > > Makes sense. By 'not be able' I mean that normal updates should not have that effect even if in theory they could. I appreciate pacman's habit of leaving a .pacnew and let me deal with it instead of instantly modifying things :-) > Assuming I understand you correctly, what you want is possible. > > > (where are > > those ACLs defined for example). > > /usr/lib/udev/rules.d/70-uaccess.rules > > > So my question is: a) is it possible to configure a system as I want it, > > and b) if yes, how ? > > The way the ACL's work is that the active session on a given seat is > given access to every device node that is tagged with "uaccess" and > the correct seat name by udev. To make sure no device nodes are tagged > in this way, simply put an empty 70-uaccess.rules file in > /etc/udev/rules.d. This means that the corresponding rules file in > /usr/lib will be ignored, and the files under /etc are not touched > during upgrades. Many thanks for this info, it's really what I hoped for. > If this is not entirely what you want to do, there are several other > options, but assuming I understood you correctly I believe this is the > least intrusive one for your purpose. I'm always eager to learn more... Ciao, -- FA A world of exhaustive, reliable metadata would be an utopia. It's also a pipe-dream, founded on self-delusion, nerd hubris and hysterically inflated market opportunities. (Cory Doctorow)