From owner-freebsd-stable@FreeBSD.ORG Sun Nov 20 13:16:26 2005 Return-Path: X-Original-To: stable@freebsd.org Delivered-To: freebsd-stable@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E94BB16A41F for ; Sun, 20 Nov 2005 13:16:26 +0000 (GMT) (envelope-from hk@alogis.com) Received: from alogis.com (firewall.solit-ag.de [212.184.102.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id 714FB43D46 for ; Sun, 20 Nov 2005 13:16:26 +0000 (GMT) (envelope-from hk@alogis.com) Received: from alogis.com (localhost [127.0.0.1]) by alogis.com (8.13.1/8.13.1) with ESMTP id jAKDGPnF036220; Sun, 20 Nov 2005 14:16:25 +0100 (CET) (envelope-from hk@alogis.com) Received: (from hk@localhost) by alogis.com (8.13.1/8.13.1/Submit) id jAKDGOFa036219; Sun, 20 Nov 2005 14:16:24 +0100 (CET) (envelope-from hk) Date: Sun, 20 Nov 2005 14:16:24 +0100 From: Holger Kipp To: stable@freebsd.org Message-ID: <20051120131624.GB35164@intserv.int1.b.intern> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.1i Cc: Subject: FBSD-6 usb/scanner-access-rights X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Nov 2005 13:16:27 -0000 Hello, I am slightly unsatisfied with user rights management, especially with usb-devices, but also with access to cd/dvd-burners for the following reason: I'd like to be able to allow access to burners that are accessed as scsi-devices (via atapicam) for some users, but for that to work it is not sufficient to allow access via cd0/cd1, but I also have to allow the corresponding pass-devices. For usb-scanner it is even worse. If I allow access to uscanner0, this does not work unless I also allow the corresponding /dev/usb-device. umass is also accessed as da-device and also therefore needs some da-devices to be allowed rw-access for 'ordinary' users. I don't relly like to allow direct access to the related devices (da, pass - especially if the system is using scsi-disks). Is there an easy way to name the devices a user might be allowed to access rw, without compromising the system? I don't want to give operator group to these users, and I don't want to blindly allow access to some da- or pass-devices where I cannot determine the order of numbering easily. I hope this does not sound ignorant. Pointers to helpful information are also welcome :-) Regards, Holger Kipp