devfs doesn't set access rights

Brooks Davis brooks at one-eyed-alien.net
Tue Dec 13 12:55:58 PST 2005 

On Tue, Dec 13, 2005 at 09:22:34PM +0100, Roland Smith wrote:
> On Tue, Dec 13, 2005 at 11:21:43AM -0800, Brooks Davis wrote:
> <snip>
> > > > This is normal.  devfs.conf is for boot only, you need devfs.rules for
> > > > runtime.  Unfortunatly, the documentation of this fact and the
> > > > docuementation of devfs.rules sucks.
> > > 
> > > Hmm, it's quite explicitly mentioned in the manual pages for devfs.conf and
> > > devfs.rules. 
> > > 
> > > Feel free to suggest improvements...
> > 
> > 90% of the problem is the existence of devfs.conf. devfs(8) appears
> > capable of everything it does, but we still have two ways to do it which
> > is gratuitously confusing. 
> 
> Hmm, I can mostly agree with that. The only real use I can think of
> for devfs.conf is when the devfs binary is corrupt.

That seems like a non issue.  In that case you're in recovery mode and
presumably need to know how to drive chown and chmod. :)

> > The devfs(8) documentation is lacking in a
> > complete, working example, 
> 
> What's wrong with the EXAMPLES section in devfs(8)?

It's fine.  Referring to devfs(8) was poor word choice on my part.  I
meant the system as a whole including devfs.rules.

> > any documentation of the rc.conf variables
> > (which also aren't documented in rc.conf(5) either), and any mention of
> > that the purpose or usage of lines like:
> > 
> > [devfsrules_unhide_basic=2]
> 
> See devfs.rules(5), third para of DESCRIPTION. I agree it could use an
> example, and some explanation that you have to enable the ruleset in
> /etc/rc.conf.

That's quite easy to miss.  I saw the bit about comments and my eyes
glazed over and skipped the rest.  Breaking out the paragraph into
bullets might be an improvement.

> There is an example on my website:
> http://www.xs4all.nl/~rsmith/freebsd/#hotplug 
>
> Following is a patch for devfs.rules.5. Comments? Otherwise I'll submit it.

Content looks good to me.

> ------------------ devfs.rules.5 patch --------------------------
> --- devfs.rules.5	2005/12/13 19:59:29	1.6
> +++ devfs.rules.5	2005/12/13 20:16:40
> @@ -24,7 +24,7 @@
>  .\"
>  .\" $FreeBSD: /repoman/r/ncvs/src/share/man/man5/devfs.rules.5,v 1.2.4.1 2005/07/27 12:03:48 keramida Exp $
>  .\"
> -.Dd May 17, 2005
> +.Dd Dec 13, 2005
>  .Dt DEVFS.RULES 5
>  .Os
>  .Sh NAME
> @@ -72,8 +72,22 @@
>  .Dq Li usb
>  group, the following rule may be used:
>  .Pp
> +.Dl "[localrules=10]"
>  .Dl "add path 'da*s*' mode 0660 group usb"
>  .Pp
> +The first line declares and starts a new ruleset, with the name
> +.Va localrules
> +and the number 10. Rulesets should have a unique name and number.  All
> +rules that follow a ruleset declaration belong to that ruleset, untill a
> +new ruleset is started. This ruleset has to be enabled in
> +.Pa /etc/rc.conf 
> +to be the ruleset for the 
> +.Pa /dev 
> +filesystem. This is done by putting the following line in 
> +.Pa /etc/rc.conf :
> +.Pp
> +.Dl "devfs_system_ruleset=""localrules"""

From looking in rc.conf(5), I think this should be:

.Pa /etc/rc.conf :
.Bd -literal
devfs_system_ruleset="localrules"
.Ed

> +.Pp
>  To make all the
>  .Xr uscanner 4
>  devices accessible to their owner and the
> @@ -81,6 +95,7 @@
>  group, a similar rule may be used:
>  .Pp
>  .Dl "add path 'uscanner*' mode 0660 group usb"
> +.Pp

I think this is unnecessary.  It's certainly not common practice.

>  .Sh SEE ALSO
>  .Xr glob 3 ,
>  .Xr devfs 5 ,
> ------------------ devfs.rules.5 patch --------------------------
> 
> > Setting the mode of a device node really ought to be trivial, but last
> > time I looked at it I was clearly missing something and couldn't get it
> > working.  I decided the device in question really ought to be attached
> > at boot and thus gave up and used devfs.conf since I had productive
> > work to do.  Some cook easy to use cookbook example would be really
> > helpful for those who don't have time to figure out all the details.
> 
> Maybe my freebsd page can help. Most of the things I learned while
> configuring FreeBSD are documented here.
> 
> http://www.xs4all.nl/~rsmith/freebsd

The example you site looks like excellent handbook fodder.

> > Comparativly few people will want to do anything more than make a device
> > or two more accessable.
> 
> Agreed. But the mechanism is more general because devfs can be used in
> multiple places (e.g. jails).

Definitely.  The full features look quite cool and useful.  My concern is
simply that it's easy to find out how to do the common thing without
having to understand all the complex things you can do.  Thanks for
writing this manpage and working to improve it!

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20051213/297a1e2d/attachment.bin

More information about the freebsd-stable mailing list