On Sat, Mar 19, 2016 at 11:29:09AM +0100, Martin Husemann wrote: > On Sat, Mar 19, 2016 at 08:45:59AM +0000, Michael van Elst wrote: > > That's a can of worms. You don't even know what a particular ugen* > > device is until you opened and queried it. > > Here is my original suggestion: > > http://mail-index.netbsd.org/tech-userlevel/2015/10/25/msg009389.html
Changing ownerships of the filesystem entries isn't sufficient. After all some ugen* can be changed quickly. I'd prefer either some separate ACLs specific to USB devices or even some generic device property that could be maintained using drvctl. The ACL would be evaluated in addition to filesystem permissions and would match attributes like class/vendor/product/serial/... The driver and/or a sysctl setting could determine how an empty ACL is handled, probably defaulting to the current behaviour. Greetings, -- Michael van Elst Internet: mlel...@serpens.de "A potential Snark may lurk in every tree."