/[gentoo]/xml/htdocs/doc/en/devfs-guide.xml
Diff of /xml/htdocs/doc/en/devfs-guide.xml

Revision 1.7 Revision 1.8
1<?xml version='1.0' encoding="UTF-8"?> 1<?xml version='1.0' encoding="UTF-8"?>
2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/devfs-guide.xml,v 1.7 2004/09/09 11:56:26 swift Exp $ --> 2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/devfs-guide.xml,v 1.8 2005/02/14 15:57:59 swift Exp $ -->
3 3
4<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> 4<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
5 5
6<guide link="/doc/en/devfs-guide.xml"> 6<guide link="/doc/en/devfs-guide.xml">
7<title>Device File System Guide</title> 7<title>Device File System Guide</title>
17and how to work with it. 17and how to work with it.
18</abstract> 18</abstract>
19 19
20<license/> 20<license/>
21 21
22<version>0.2</version> 22<version>0.3</version>
23<date>September 09, 2004</date> 23<date>2005-02-14</date>
24 24
25<chapter> 25<chapter>
26<title>What is devfs?</title> 26<title>What is devfs?</title>
27<section> 27<section>
28<title>The (good?) old days</title> 28<title>The (good?) old days</title>
327</chapter> 327</chapter>
328 328
329<chapter> 329<chapter>
330<title>Permission Related Items</title> 330<title>Permission Related Items</title>
331<section> 331<section>
332<title>Set/change permissions using PAM</title>
333<body>
334
335<p>
336Although you can set permissions in <path>/etc/devfsd.conf</path>, you
337are advised to use PAM (<e>Pluggable Authentification Modules</e>). This
338is because PAM has the final say on permissions, possibly ignoring the
339changes you make in <path>/etc/devfsd.conf</path>.
340</p>
341
342<p>
343PAM uses the <path>/etc/security/console.perms</path> file for the
344permissions. The file consists of two parts: the first one describes the
345groups, and the second one the permissions.
346</p>
347
348<p>
349Let's first take a look at the groups part. As an example we view the
350sound-group:
351</p>
352
353<pre caption = "Sound group in /etc/security/console.perms">
354&lt;sound&gt;=/dev/dsp* /dev/audio* /dev/midi* \
355 /dev/mixer* /dev/sequencer* \
356 /dev/sound/* /dev/snd/* /dev/beep \
357 /dev/admm* \
358 /dev/adsp* /dev/aload* /dev/amidi* /dev/dmfm* \
359 /dev/dmmidi* /dev/sndstat
360</pre>
361
362<p>
363The syntax is quite easy: you start with a group-name, and end with a
364list of devices that belong to that group.
365</p>
366
367<p>
368Now, groups aren't very useful if you can't do anything with them. So
369the next part describes how permissions are handled.
370</p>
371
372<pre caption = "Permissions for sound group in /etc/security/console.perms">
373&lt;console&gt; 0600 &lt;sound&gt; 0600 root.audio
374</pre>
375
376<p>
377The first field is the terminal check. On most systems, this is the
378console-group. PAM will check this field for every login. If the login
379happens on a device contained in the console-group, PAM will check and
380possibly change the permissions on some device files.
381</p>
382
383<p>
384The second field contains the permissions to which a device file is set
385upon succesfull login. When a person logs into the system, and the device
386files are owned by a default owner/group, PAM wil change the ownership
387to the logged on user, and set the permissions to those in this second
388field. In this case, 0600 is used (user has read/write access,
389all others don't).
390</p>
391
392<p>
393The third field contains the device-group whose permissions will be
394changed. In this case, the sound-group (all device files related to
395sound) will be changed.
396</p>
397
398<p>
399The fourth field defines the permissions to which the device file is set after
400returning to the default state. In other words, if the person who owns
401all the device files logs out, PAM will set the permissions back to a
402default state, described by this fourth field.
403</p>
404
405<p>
406The fifth field defines the ownership (with group if you want) to which
407the device attributes are set after returning to the default state. In
408other words, if the person who owns all the device files logs out, PAM
409will set the ownership back to a default state, described by this fifth
410field.
411</p>
412
413</body>
414</section>
415<section>
416<title>Set/change permissions with devfsd</title> 332<title>Set/change permissions with devfsd</title>
417<body> 333<body>
418 334
335<note>
336These instructions are valid as long as pam_console is disabled in
337<path>/etc/pam.d/system-auth</path>. If you enabled pam_console there,
338then PAM has the final word on permissions.
339</note>
340
419<p> 341<p>
420If you really want to set permissions using 342If you want to set permissions using <path>/etc/devfsd.conf</path>,
421<path>/etc/devfsd.conf</path>, then use the syntax used in the following 343then use the syntax used in the following example:
422example:
423</p> 344</p>
424 345
425<pre caption = "Permissions in /etc/devfsd.conf"> 346<pre caption = "Permissions in /etc/devfsd.conf">
426REGISTER ^cdroms/.* PERMISSIONS root.cdrom 0660 347REGISTER ^cdroms/.* PERMISSIONS root.cdrom 0660
427</pre> 348</pre>
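Review bot: The new note at new lines 335-339 says PAM has the final word when pam_console is enabled, but with the PAM section (old lines 332-414) removed the guide no longer names /etc/security/console.perms, so a reader who has pam_console enabled cannot tell where the effective device permissions come from. Keep one sentence in the note that points to that file (or to the document that now covers it), and say how to tell whether pam_console is enabled, for example by looking for a pam_console line in /etc/pam.d/system-auth.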
431It is a regular expression, meaning you can select several device files 352It is a regular expression, meaning you can select several device files
432in one rule. 353in one rule.
433</p> 354</p>
434 355
435<p> 356<p>
436The fourth field is the ownership of the device file. Unlike with PAM 357The fourth field is the ownership of the device file, and the fifth
437this isn't changed (unless it is mentioned in <path>console.perms</path>
438since PAM always wins).
439</p>
440
441<p>
442The fifth field contains the permissions of the device file. 358field contains the permissions of the device file.
443</p> 359</p>
444 360
445</body> 361</body>
446</section> 362</section>
447<section> 363<section>
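Review bot: The merged paragraph at new lines 357-358 names the fourth and fifth fields without tying them to the example rule, so the reader has to count columns in "REGISTER ^cdroms/.* PERMISSIONS root.cdrom 0660" to match them up. Suggest wording along the lines of "The fourth field is the ownership of the device file (root.cdrom in the example), and the fifth field contains its permissions (0660)". The dropped caveat that PAM can override the ownership is now carried only by the note at the top of the section, so that note needs to stay in sync with this paragraph.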
449<body> 365<body>
450 366
451<p> 367<p>
452This is the default behaviour for Gentoo: if you <c>chown</c> (CHange 368This is the default behaviour for Gentoo: if you <c>chown</c> (CHange
453OWNer) and <c>chmod</c> (CHange MODe) some device files, <c>devfsd</c> 369OWNer) and <c>chmod</c> (CHange MODe) some device files, <c>devfsd</c>
454will save the information when you are shutting down the system. This is 370will save the information so that it will persist across reboots. This
455because the <path>/etc/devfsd.conf</path> file contains the following 371is because the <path>/etc/devfsd.conf</path> file contains the
456lines: 372following lines:
457</p> 373</p>
458 374
459<pre caption = "/etc/devfsd.conf for saving permissions"> 375<pre caption = "/etc/devfsd.conf for saving permissions">
460REGISTER ^pt[sy]/.* IGNORE 376REGISTER ^pt[sy]/.* IGNORE
461CHANGE ^pt[sy]/.* IGNORE 377CHANGE ^pt[sy]/.* IGNORE
473RESTORE /lib/dev-state 389RESTORE /lib/dev-state
474</pre> 390</pre>
475 391
476<p> 392<p>
477In other words, changed device files are copied over to 393In other words, changed device files are copied over to
478<path>/lib/dev-state</path> when shutting down the system, and are 394<path>/lib/dev-state</path> as soon as the change happens, and are
479copied over to <path>/dev</path> when booting the system. 395copied over to <path>/dev</path> when booting the system.
480</p> 396</p>
481 397
482<p> 398<p>
483Another possibility is to mount <path>/lib/dev-state</path> on 399Another possibility is to mount <path>/lib/dev-state</path> on
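Review bot: The reworded sentence at new lines 393-395 says changes are copied to /lib/dev-state as soon as they happen, which means a chmod or chown done only for a quick test is saved immediately and put back at every boot by the RESTORE /lib/dev-state line. Say that explicitly and tell readers to set the mode and owner back when they are done, since an over-permissive device node would otherwise persist without any further action from the administrator.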
