[ubuntu] Permanent ACL on removable device? [Archive]

View Full Version : [ubuntu] Permanent ACL on removable device?

wiresquire

July 14th, 2009, 04:22 AM

Hi

I have a usb tv-tuner device that also can do fm radio.
When inserted, the tv device is correctly set up with an ACL (with me in it!) on /dev/video1. And it works!

It also sets up /dev/radio0 for the radio, but no ACL is set up, and only root can access it. I can set the ACL manually using setfacl (sudo setfacl -m u:wiresquire:rw /dev/radio0) and everything works, but when the device is removed, the ACL is lost. When I reinsert it, I'm back at square one. I could also 'cheat' and add myself to a group, but I'd rather have it consistent.

So, I would like to set up an ACL for /dev/radio0 when the device is inserted that is permanent.

I've searched and seen some mention about udev etc, but that's when I start to get rather lost.

Can anyone help with some simple instructions/steps on how to do this?

TIA
ws

bodhi.zazen

July 14th, 2009, 12:28 PM

You will probably need to make an entry in fstab for the removable device and manually mount it.

How to fstab - Ubuntu Forums (http://ubuntuforums.org/showthread.php?&t=283131)

In the options column (4th column) add the options (as well as any others you wish):

user,acl

wiresquire

July 14th, 2009, 07:52 PM

Thanks for the reply, but it's a removable usb tv tuner, not a stick, disk etc. AFAICT, it has no filesystem, and so fstab is not relevant?

ws

shaggy999

July 16th, 2009, 01:50 PM

Yeah, fstab is not relavent. But I think what you need to do is come up with a custom udev rule. Do a search for it. Hope this helps.

Just found this bit on the udev site:

udev allows you to use additional assignments in rules to control ownership and permission attributes on each device.

The GROUP assignment allows you to define which Unix group should own the device node. Here is an example rule which defines that the video group will own the framebuffer devices:

KERNEL=="fb[0-9]*", NAME="fb/%n", SYMLINK+="%k", GROUP="video"

The OWNER key, perhaps less useful, allows you to define which Unix user should have ownership permissions on the device node. Assuming the slightly odd situation where you would want john to own your floppy devices, you could use:

KERNEL=="fd[0-9]*", OWNER="john"

udev defaults to creating nodes with Unix permissions of 0660 (read/write to owner and group). If you need to, you can override these defaults on certain devices using rules including the MODE assignment. As an example, the following rule defines that the inotify node shall be readable and writable to everyone:

KERNEL=="inotify", NAME="misc/%k", SYMLINK+="%k", MODE="0666"