...as taken from my arch linux feature request (https://bugs.archlinux.org/task/30731): i think it would be a good idea to have a separate group for usb devices which do not fall into camera/scanner/storage/... category. in my case i'm talking about a usbtiny mcu programmer and usb-connected oscilloscope but i'm sure there are gazillions of other devices. sure i can add myself to "root" group and gain access to ALL devices but i think "usb" group would be a cleaner solution. as a side note, gentoo has it and it works pretty well... ;-) thanks for considering it!
...or maybe a "plugdev" group?
"plugdev" is an entirely misguided and fundamentally wrong concept, this will not happen for systemd/udev. Device access groups are for system services, _never_ for ordinary users. Systems who do that do it wrong at many levels. Ordinaru users get ACLs assigned, depending on the way the log into the system, and the state of the session, and that is dynamic and adaptive, unlike groups. I have no problem with "usb" for raw usb device nodes, but "plugdev" as a group name and especially as a "concept" should just die, it's totally broken.
well, that kind of makes sense but let me ask you these, probably silly, questions: what acls do you mean exactly? the "standard" filesystem acls (as in ext4 etc.)? never heard of it for device files. who should be assigning those acls (and/or other permissions) based on session state etc.? things like polkit/consolekit/whatever-kit? sorry again, never used it (always loved plain old udev simplicity) so i really don't know (and yes, i've tried to google it but didn't succeed). please, give me some hints on what to read and/or what to search for... thank you!
(In reply to comment #3) > what acls do you mean exactly? the "standard" filesystem acls (as in ext4 > etc.)? never heard of it for device files. Yeah, filesystem ACLs on device nodes in /dev. Like this: $ getfacl /dev/dri/card0 # file: dev/dri/card0 # owner: root # group: video user::rw- user:kay:rw- group::rw- mask::rw- other::--- > who should be assigning those acls (and/or other permissions) based on session > state etc.? We do this since many years, almost every distro. > things like polkit/consolekit/whatever-kit? sorry again, never used > it (always loved plain old udev simplicity) so i really don't know (and yes, > i've tried to google it but didn't succeed). It was udev-acl with ConsoleKit data, now it's all in systemd. > please, give me some hints on what to read and/or what to search for... thank > you! http://cgit.freedesktop.org/systemd/systemd/tree/src/login/70-uaccess.rules Old udev was here: http://git.kernel.org/?p=linux/hotplug/udev.git;a=blob;f=src/extras/udev-acl/70-udev-acl.rules;h=2dac283101aee6ef75f2e1e397d6d91c3a4c92c1;hb=f13289ffdf077f75c8710e977ffe538b66885762
So, is there anything to fix here?
Closing, at the moment we don't see the need for bus-specific unix groups on the system. We should limit the use of groups to classes of devices, like video, audio, disk, not the type of connection they use.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.