devfs doesn't set access rights

Roland Smith rsmith at
Tue Dec 13 12:23:01 PST 2005

On Tue, Dec 13, 2005 at 11:21:43AM -0800, Brooks Davis wrote:
> > > This is normal.  devfs.conf is for boot only, you need devfs.rules for
> > > runtime.  Unfortunatly, the documentation of this fact and the
> > > docuementation of devfs.rules sucks.
> > 
> > Hmm, it's quite explicitly mentioned in the manual pages for devfs.conf and
> > devfs.rules. 
> > 
> > Feel free to suggest improvements...
> 90% of the problem is the existence of devfs.conf. devfs(8) appears
> capable of everything it does, but we still have two ways to do it which
> is gratuitously confusing. 

Hmm, I can mostly agree with that. The only real use I can think of
for devfs.conf is when the devfs binary is corrupt.

> The devfs(8) documentation is lacking in a
> complete, working example, 

What's wrong with the EXAMPLES section in devfs(8)?

> any documentation of the rc.conf variables
> (which also aren't documented in rc.conf(5) either), and any mention of
> that the purpose or usage of lines like:
> [devfsrules_unhide_basic=2]

See devfs.rules(5), third para of DESCRIPTION. I agree it could use an
example, and some explanation that you have to enable the ruleset in

There is an example on my website: 

Following is a patch for devfs.rules.5. Comments? Otherwise I'll submit it.

------------------ devfs.rules.5 patch --------------------------
--- devfs.rules.5	2005/12/13 19:59:29	1.6
+++ devfs.rules.5	2005/12/13 20:16:40
@@ -24,7 +24,7 @@
 .\" $FreeBSD: /repoman/r/ncvs/src/share/man/man5/devfs.rules.5,v 2005/07/27 12:03:48 keramida Exp $
-.Dd May 17, 2005
+.Dd Dec 13, 2005
@@ -72,8 +72,22 @@
 .Dq Li usb
 group, the following rule may be used:
+.Dl "[localrules=10]"
 .Dl "add path 'da*s*' mode 0660 group usb"
+The first line declares and starts a new ruleset, with the name
+.Va localrules
+and the number 10. Rulesets should have a unique name and number.  All
+rules that follow a ruleset declaration belong to that ruleset, untill a
+new ruleset is started. This ruleset has to be enabled in
+.Pa /etc/rc.conf 
+to be the ruleset for the 
+.Pa /dev 
+filesystem. This is done by putting the following line in 
+.Pa /etc/rc.conf :
+.Dl "devfs_system_ruleset=""localrules"""
 To make all the
 .Xr uscanner 4
 devices accessible to their owner and the
@@ -81,6 +95,7 @@
 group, a similar rule may be used:
 .Dl "add path 'uscanner*' mode 0660 group usb"
 .Xr glob 3 ,
 .Xr devfs 5 ,
------------------ devfs.rules.5 patch --------------------------

> Setting the mode of a device node really ought to be trivial, but last
> time I looked at it I was clearly missing something and couldn't get it
> working.  I decided the device in question really ought to be attached
> at boot and thus gave up and used devfs.conf since I had productive
> work to do.  Some cook easy to use cookbook example would be really
> helpful for those who don't have time to figure out all the details.

Maybe my freebsd page can help. Most of the things I learned while
configuring FreeBSD are documented here.

> Comparativly few people will want to do anything more than make a device
> or two more accessable.

Agreed. But the mechanism is more general because devfs can be used in
multiple places (e.g. jails).

R.F.Smith ( Please send e-mail as plain text.
public key:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :

More information about the freebsd-stable mailing list