Hi Martin, tech-userlevel@, On 20/09/2018 10:49, Martin Husemann wrote: > On Thu, Sep 20, 2018 at 10:41:01AM +0200, Pierre Pronchery wrote: >> Would it make sense to create a _usb group, and setting the permissions >> of /dev/ugen* and maybe also /dev/usb* to mode 0660 root:_usb? >> >> With this we should also be able to run services like pcscd (from >> pkgsrc) without requiring root. > > We had some discussion about this some time ago in the context of usb > scanners. Alternatives propsoed where the GiveConsole/TakeConsole > scripts used by X login managers and a script that matches certain > devices.
Well, I believe even this approach would benefit from an additional _usb group. GiveConsole/TakeConsole would simply grant membership; this can only be better than changing ownership to nodes in /dev. > An alterntive Jared suggested was to add console users temporarily to a > dynamic group. I like this idea. I like it too, however on UNIX it is trivial to make such temporary ownership become permanent (just create a setgid binary). In practice however, shouldn't it be granting membership to multiple groups instead of just one? Access to hardware components should be more granular than just one "_hardware" group. Some system services may also provide functionality without the final user requiring access to the hardware (like pcscd). > And I bet Jason would now chime in and talk about a aproper devfs ;-) That would be my favourite option actually :) Cheers, -- khorben
