Re: want to try systemd but need some advice




On Sun, Sep 30, 2012 at 11:10:36PM +0200, Tom Gundersen wrote:

> Do I understand correctly that you simply want to disable systemd
> setting ACLs on your device nodes?

That is indeed my main concern. In particular, audio devices should
be available to whoever is a member of the 'audio' group, and USB
devices to the 'storage' group if that applies, or to some other
group if they are anything else (e.g. musical keyboards, MIDI
controllers etc.). All of this should be absolutely independent
of who's logged in and how.
 
> > I'd want things to be configured that way 'once and for all', meaning that
> > a) I'm not really looking forward to having to do this for each and every
> > device or command, and b) that a routine system update (a frequent enough
> > event on an Arch system) must not be able to modify this policy.
> 
> Makes sense.

By 'not be able' I mean that normal updates should not have that
effect even if in theory they could. I appreciate pacman's habit
of leaving a .pacnew and letting me deal with it instead of instantly
modifying things :-)

> Assuming I understand you correctly, what you want is possible.
> 
> > (where are
> > those ACLs defined for example).
> 
> /usr/lib/udev/rules.d/70-uaccess.rules
> 
> > So my question is: a) is it possible to configure a system as I want it,
> > and b) if yes, how ?
> 
> The way the ACLs work is that the active session on a given seat is
> given access to every device node that is tagged with "uaccess" and
> the correct seat name by udev. To make sure no device nodes are tagged
> in this way, simply put an empty 70-uaccess.rules file in
> /etc/udev/rules.d. This means that the corresponding rules file in
> /usr/lib will be ignored, and the files under /etc are not touched
> during upgrades.

Many thanks for this info, it's really what I hoped for.

> If this is not entirely what you want to do, there are several other
> options, but assuming I understood you correctly I believe this is the
> least intrusive one for your purpose.

I'm always eager to learn more...

Ciao,

-- 
FA

A world of exhaustive, reliable metadata would be an utopia.
It's also a pipe-dream, founded on self-delusion, nerd hubris
and hysterically inflated market opportunities. (Cory Doctorow)
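
Added example, not part of the original message: a shell check for the override discussed above, reporting whether 70-uaccess.rules under /etc/udev/rules.d masks the copy in /usr/lib/udev/rules.d. The function names, the ROOT argument and the sample tree are assumptions of this example; the rule lines in the sample tree are constructed, not the packaged file's contents.

```shell
#!/bin/sh
# Report which 70-uaccess.rules udev would read under a given root directory.
# ROOT is an assumption of this example so it can run against a constructed
# tree; pass / on a real system.

RULE=70-uaccess.rules

uaccess_state() {
    root=${1%/}
    etc="$root/etc/udev/rules.d/$RULE"
    vendor="$root/usr/lib/udev/rules.d/$RULE"

    if [ -e "$etc" ]; then
        # A same-named file under /etc replaces the /usr/lib one entirely.
        # Empty, a symlink to /dev/null, or comments only: nothing is tagged.
        if grep -Eqv '^[[:space:]]*(#.*)?$' "$etc"; then
            echo overridden   # local file carries rules of its own
        else
            echo masked       # vendor uaccess tagging is switched off
        fi
    elif [ -e "$vendor" ]; then
        echo vendor           # packaged rules are in effect
    else
        echo absent
    fi
}

# Constructed sample tree standing in for a real filesystem.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/udev/rules.d" "$t/usr/lib/udev/rules.d"
    # Constructed stand-in for the packaged rules file.
    printf 'SUBSYSTEM=="sound", TAG+="uaccess"\n' \
        > "$t/usr/lib/udev/rules.d/$RULE"
    echo "$t"
}
```

Running `uaccess_state /` after a system update confirms the empty file under /etc is still in place and still masking the packaged rules.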


