/[gentoo]/xml/htdocs/doc/en/devfs-guide.xml
Gentoo

Diff of /xml/htdocs/doc/en/devfs-guide.xml

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 1.5 Revision 1.9
1<?xml version='1.0' encoding="UTF-8"?> 1<?xml version='1.0' encoding="UTF-8"?>
2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/devfs-guide.xml,v 1.5 2003/12/11 16:13:37 dertobi123 Exp $ --> 2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/devfs-guide.xml,v 1.9 2005/06/20 08:09:11 fox2mike Exp $ -->
3 3
4<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> 4<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
5 5
6<guide link="/doc/en/devfs-guide.xml"> 6<guide link="/doc/en/devfs-guide.xml">
7<title>Device File System Guide</title> 7<title>Device File System Guide</title>
17and how to work with it. 17and how to work with it.
18</abstract> 18</abstract>
19 19
20<license/> 20<license/>
21 21
22<version>0.1</version> 22<version>0.4</version>
23<date>September 11, 2003</date> 23<date>2005-06-20</date>
24 24
25<chapter> 25<chapter>
26<title>What is devfs?</title> 26<title>What is devfs?</title>
27<section> 27<section>
28<title>The (good?) old days</title> 28<title>The (good?) old days</title>
29<body> 29<body>
30
31<warn>devfs is <e>obsolete</e> and will eventually be removed from the stable
322.6 tree. Users on 2.6 kernels are hereby advised to switch to udev. For further
33information on udev, please refer to the <uri
34link="/doc/en/udev-guide.xml">Gentoo udev Guide</uri>.
35</warn>
30 36
31<p> 37<p>
32Traditional Linux implementations provide their users with an 38Traditional Linux implementations provide their users with an
33abstract device path, called <path>/dev</path>. Inside this path the 39abstract device path, called <path>/dev</path>. Inside this path the
34user finds <e>device nodes</e>, special files that represent devices 40user finds <e>device nodes</e>, special files that represent devices
126</p> 132</p>
127 133
128</body> 134</body>
129</section> 135</section>
130<section> 136<section>
131<title>devfs as all-round winner</title> 137<title>devfs as all-round winner ?</title>
132<body> 138<body>
133 139
134<p> 140<p>
135devfs tackles all listed problems. It only provides the user with 141devfs tackles all listed problems. It only provides the user with
136existing devices, adds new nodes when new devices are found, and makes 142existing devices, adds new nodes when new devices are found, and makes
142<p> 148<p>
143For instance, with devfs, you don't have to worry about major/minor 149For instance, with devfs, you don't have to worry about major/minor
144pairs. It is still supported (for backwards compatibility), but isn't 150pairs. It is still supported (for backwards compatibility), but isn't
145needed. This makes it possible for Linux to support even more devices, 151needed. This makes it possible for Linux to support even more devices,
146since there are no limits anymore (numbers always have boundaries :) 152since there are no limits anymore (numbers always have boundaries :)
153</p>
154
155<p>
156Yet devfs does come with it's own problems; for the end users these issues
157aren't really visible, but for the kernel maintainers the problems are big
158enough to mark devfs <e>obsolete</e> in favor of <uri
159link="udev-guide.xml">udev</uri>, which Gentoo supports and uses by default on
160most architectures since the 2005.0 release when using a 2.6 kernel.
161</p>
162
163<p>
164For more information as to why devfs is marked obsolete, please read the <uri
165link="http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev-FAQ">udev
166FAQ</uri> and <uri
167link="http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev_vs_devfs">udev
168versus devfs document</uri>.
147</p> 169</p>
148 170
149</body> 171</body>
150</section> 172</section>
151</chapter> 173</chapter>
312</chapter> 334</chapter>
313 335
314<chapter> 336<chapter>
315<title>Permission Related Items</title> 337<title>Permission Related Items</title>
316<section> 338<section>
317<title>Set/change permissions using PAM</title>
318<body>
319
320<p>
321Although you can set permissions in <path>/etc/devfsd.conf</path>, you
322are advised to use PAM (<e>Pluggable Authentification Modules</e>). This
323is because PAM has the final say on permissions, possibly ignoring the
324changes you make in <path>/etc/devfsd.conf</path>.
325</p>
326
327<p>
328PAM uses the <path>/etc/security/console.perms</path> file for the
329permissions. The file consists of two parts: the first one describes the
330groups, and the second one the permissions.
331</p>
332
333<p>
334Let's first take a look at the groups part. As an example we view the
335sound-group:
336</p>
337
338<pre caption = "Sound group in /etc/security/console.perms">
339&lt;sound&gt;=/dev/dsp* /dev/audio* /dev/midi* \
340 /dev/mixer* /dev/sequencer* \
341 /dev/sound/* /dev/snd/* /dev/beep \
342 /dev/admm* \
343 /dev/adsp* /dev/aload* /dev/amidi* /dev/dmfm* \
344 /dev/dmmidi* /dev/sndstat
345</pre>
346
347<p>
348The syntax is quite easy: you start with a group-name, and end with a
349list of devices that belong to that group.
350</p>
351
352<p>
353Now, groups aren't very usefull if you can't do anything with them. So
354the next part describes how permissions are handled.
355</p>
356
357<pre caption = "Permissions for sound group in /etc/security/console.perms">
358&lt;console&gt; 0600 &lt;sound&gt; 0600 root.audio
359</pre>
360
361<p>
362The first field is the terminal check. On most systems, this is the
363console-group. PAM will check this field for every login. If the login
364happens on a device contained in the console-group, PAM will check and
365possibly change the permissions on some device files.
366</p>
367
368<p>
369The second field contains the permissions to which a device file is set
370upon succesfull login. When a person logs into the system, and the device
371files are owned by a default owner/group, PAM wil change the ownership
372to the logged on user, and set the permissions to those in this second
373field. In this case, 0600 is used (user has read/write access,
374all others don't).
375</p>
376
377<p>
378The third field contains the device-group whose permissions will be
379changed. In this case, the sound-group (all device files related to
380sound) will be changed.
381</p>
382
383<p>
384The fourth field defines the permissions to which the device file is set after
385returning to the default state. In other words, if the person who owns
386all the device files logs out, PAM will set the permissions back to a
387default state, described by this fourth field.
388</p>
389
390<p>
391The fifth field defines the ownership (with group if you want) to which
392the device attributes are set after returning to the default state. In
393other words, if the person who owns all the device files logs out, PAM
394will set the ownership back to a default state, described by this fifth
395field.
396</p>
397
398</body>
399</section>
400<section>
401<title>Set/change permissions with devfsd</title> 339<title>Set/change permissions with devfsd</title>
402<body> 340<body>
403 341
342<note>
343These instructions are valid as long as pam_console is disabled in
344<path>/etc/pam.d/system-auth</path>. If you enabled pam_console there,
345then PAM has the final word on permissions.
346</note>
347
404<p> 348<p>
405If you really want to set permissions using 349If you want to set permissions using <path>/etc/devfsd.conf</path>,
406<path>/etc/devfsd.conf</path>, then use the syntax used in the following 350then use the syntax used in the following example:
407example:
408</p> 351</p>
409 352
410<pre caption = "Permissions in /etc/devfsd.conf"> 353<pre caption = "Permissions in /etc/devfsd.conf">
411REGISTER ^cdroms/.* PERMISSIONS root.cdrom 0660 354REGISTER ^cdroms/.* PERMISSIONS root.cdrom 0660
412</pre> 355</pre>
416It is a regular expression, meaning you can select several device files 359It is a regular expression, meaning you can select several device files
417in one rule. 360in one rule.
418</p> 361</p>
419 362
420<p> 363<p>
421The fourth field is the ownership of the device file. Unlike with PAM 364The fourth field is the ownership of the device file, and the fifth
422this isn't changed (unless it is mentioned in <path>console.perms</path>
423since PAM always wins).
424</p>
425
426<p>
427The fifth field contains the permissions of the device file. 365field contains the permissions of the device file.
428</p> 366</p>
429 367
430</body> 368</body>
431</section> 369</section>
432<section> 370<section>
434<body> 372<body>
435 373
436<p> 374<p>
437This is the default behaviour for Gentoo: if you <c>chown</c> (CHange 375This is the default behaviour for Gentoo: if you <c>chown</c> (CHange
438OWNer) and <c>chmod</c> (CHange MODe) some device files, <c>devfsd</c> 376OWNer) and <c>chmod</c> (CHange MODe) some device files, <c>devfsd</c>
439will save the information when you are shutting down the system. This is 377will save the information so that it will persist across reboots. This
440because the <path>/etc/devfsd.conf</path> file contains the following 378is because the <path>/etc/devfsd.conf</path> file contains the
441lines: 379following lines:
442</p> 380</p>
443 381
444<pre caption = "/etc/devfsd.conf for saving permissions"> 382<pre caption = "/etc/devfsd.conf for saving permissions">
445REGISTER ^pt[sy]/.* IGNORE 383REGISTER ^pt[sy]/.* IGNORE
446CHANGE ^pt[sy]/.* IGNORE 384CHANGE ^pt[sy]/.* IGNORE
458RESTORE /lib/dev-state 396RESTORE /lib/dev-state
459</pre> 397</pre>
460 398
461<p> 399<p>
462In other words, changed device files are copied over to 400In other words, changed device files are copied over to
463<path>/lib/dev-state</path> when shutting down the system, and are 401<path>/lib/dev-state</path> as soon as the change happens, and are
464copied over to <path>/dev</path> when booting the system. 402copied over to <path>/dev</path> when booting the system.
465</p> 403</p>
466 404
467<p> 405<p>
468Another possibility is to mount <path>/lib/dev-state</path> on 406Another possibility is to mount <path>/lib/dev-state</path> on

Legend:
Removed from v.1.5  
changed lines
  Added in v.1.9

  ViewVC Help
Powered by ViewVC 1.1.20