FBSD-6 usb/scanner-access-rights
Roland Smith
rsmith at xs4all.nl
Sun Nov 20 14:05:15 GMT 2005
On Sun, Nov 20, 2005 at 02:16:24PM +0100, Holger Kipp wrote:
>
> Is there an easy way to name the devices a user might
> be allowed to access rw, without compromising the system?
> I don't want to give operator group to these users,
> and I don't want to blindly allow access to some
> da- or pass-devices where I cannot determine the order
> of numbering easily.
One thing you could do is make the groups usb and cdrom and make them
the groups owning the relevant devices, e.g. by putting the following in
/etc/devfs.rules:
add path 'da*s*' mode 0660 group usb
add path 'uscanner*' mode 0660 group usb
The ownership for the CD-ROM devices should be set in /etc/devfs.conf:
# Give members of group cdrom access to the CD/DVD-ROM and DVD+RW via the
# SCSI interface
own xpt0 root:cdrom
perm xpt0 0660
own cd0 root:cdrom
perm cd0 0660
link cd0 cdrom
link cd0 dvd
own pass0 root:cdrom
perm pass0 0660
own cd1 root:cdrom
perm cd1 0660
own pass1 root:cdrom
perm pass1 0660
The user that must be able to use the CD-ROMs and scanner must be a
member of the appropriate group.
If that is not fine-grained enough, maybe ACLs might help. See setfacl(1).
Roland
--
R.F.Smith (http://www.xs4all.nl/~rsmith/) Please send e-mail as plain text.
public key: http://www.xs4all.nl/~rsmith/pubkey.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20051120/57ef2359/attachment.bin
More information about the freebsd-stable
mailing list