Date: Thu, 20 Aug 2009 23:27:26 +0000 From: Michal <ml@infosec.pl> To: Roland Smith <rsmith@xs4all.nl> Cc: freebsd-questions@freebsd.org Subject: Re: digital camera and devd Message-ID: <4A8DDBDE.10409@infosec.pl> In-Reply-To: <20090820213722.GB3586@slackbox.xs4all.nl> References: <4A8DA9FD.6080904@infosec.pl> <20090820213722.GB3586@slackbox.xs4all.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
Roland Smith wrote: > > I'm not exactly sure what you are trying to achieve here. But here is my > €0,02: > > Create a group called 'usb'. Make every user that you want to be able to use > usb devices a member of this group. Next, add the following rules to your > active ruleset in /etc/devfs.rules: > > add path 'da*' mode 0660 group usb > add path 'msdosfs/*' mode 0660 group usb > add path 'uscanner*' mode 0660 group usb > add path 'usb*' mode 0660 group usb > add path 'ugen*' mode 0660 group usb > And that is pretty much what I'm doing with two differences: 1. I'm using user name instead of designated group. 2. Following principle of least privilege I don't want to give him (which just happens to be myself) rights to anything other than my digital camera. Only this specific camera should trigger changes in ownership/rights of camera-related device nodes. I know it looks a bit anal at first glance but it is not ;) Michal -- "Let him who desires peace prepare for war." -Flavius Vegetius Renatus
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A8DDBDE.10409>