Alexander E. Patrakov wrote:
> Bruce Dubbs wrote:
>
>> From this discussion, is seems there needs to be a separate group for
>> each device and users be given appropriate permissions for those
>> devices. This seems to be a general security administration issue, not
>> a LFS or BLFS issue. It may be appropriate for HLFS.
>
> While I disagree (and I was actually going to implement this for
> scanners and
> cameras), let's implement this your way. Let the "usb" group stay. The
> current
> BLFS rule SUBSYSTEM=="usb_device", GROUP="usb" does just that. However,
> I want
> to see text that is going to be added to HLFS in order to override this
> (and I
> am not subscribed to HLFS lists).
Well its not "my" way, but I understand where you are going.
>> Perhaps this should be covered in a section called "Removable Devices
>> and Security." Do I have any volunteers to write it?
>
> Maybe. Let's first address the "how are readers going to find the note
> about
> VMware and /proc/bus/usb" issue first. Summary: the text is good, the
> place is
> wrong.
>
> Proposal: create a new page (in post-lfs configuration?) with the title:
> "Access
> to USB devices" and move libusb configuration to there (of course, with
> a link
> from libusb to this new page). Proposed contents:
Most of contents are deleted. I understand what you wrote and it seems
reasonable, but I think it is limited. What about ieee1394? pcmcia? I
don't know if serial or parallel ports are considered removable devices
or not. There is also the floppy and/or cdrom on some laptops.
Also, does udev address other events like closing a laptop lid? I'm not
sure about this, but if udev doesn't address it, what does?
I think if we are going to address removable devices, we need to mention
the entire spectrum at least at a high level.
> Fine-tunuing of permissions is possible by creating extra udev rules,
> matching
> on something like this (on one line). The vendor and product can be
> found by
> searchng the /sys/devices directory entries after the device has been
> attached.
>
> SUBSYSTEM=="usb_device", SYSFS{idVendor}=="05d8", SYSFS{idProduct}=="4002",
> GROUP:="scanner"
Shouldn't this also have SYMLINK="scanner" or similar?
-- Bruce
--
http://linuxfromscratch.org/mailman/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
