Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
how about controling dev-node priviledge by posix ACL?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Desktop Environments
View previous topic :: View next topic  
Author Message
fpemud
Apprentice
Apprentice


Joined: 15 Feb 2012
Posts: 166

PostPosted: Fri Jul 12, 2013 12:39 am    Post subject: how about controling dev-node priviledge by posix ACL? Reply with quote

Tranditionally, device nodes in /dev are in "hardware groups" like disk, video, cdrom...
If I want to access a device, I should add myself into the corresponding group.

Could I just set "root:root" to device nodes and dynamically assign posix ACL to them using like some daemon program.
so that I can:
1. eliminate all the annoying "hardware groups"
2. get a clean user profile since I don't need to be in many secondary groups
3. manage dev-node priviledge in a central place.
4. more flexible priviledge policy
Back to top
View user's profile Send private message
VoidMage
Watchman
Watchman


Joined: 14 Oct 2006
Posts: 5525

PostPosted: Fri Jul 12, 2013 3:07 pm    Post subject: Reply with quote

For all of its shortcomings, consolekit (combined with udev-acl) was used to do something like that.
Back to top
View user's profile Send private message
fpemud
Apprentice
Apprentice


Joined: 15 Feb 2012
Posts: 166

PostPosted: Fri Jul 12, 2013 11:08 pm    Post subject: Reply with quote

I just realized my thought is somehow relevant to the multi-seat concept. Ok, now I know why consolekit appears in the answer.


I think my thought is good, the pros are real and I don't think there's obvious cons.

Is there any program or solution proposal for this thought other than ck/systemd?

I agree with the evil of vertical integrition.
Is there any effort that implements all the good functions in ck/systemd, but get rid of their shortcomings?
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Desktop Environments All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum