Hi there. I'm the current Debian devfsd maintainer. As you may or may not know, the current devfsd package parses the /sbin/MAKEDEV script in its build procedure to generate a standard list of permissions for devices (one of the main functions of devfsd is to control the permissions of the automatically generated devices in /dev).
Anyway, this is somewhat inconvenient; it produces a large file and requires a couple of hacks to the current devfsd (since the old device filenames and the new "devfs" names are different, I needed to add symlink following code), although I've emailed the upstream maintainer about integrating these hacks.

So, I think a better way to proceed would be to unify the device permissions between makedev and devfsd, probably by creating a new part of debian-policy on the ownership and mode of devices in the system. I'm not really sure what would be practical here; ideally the devfs-based system and the non-devfs-based system would act identically. However, devfs gives the sysadmin and the packagers a lot more power over permissions. For example, we can set the group specifically for ide-cd devices to cdrom for example (since the "real" filename is .../cd, not just /dev/hdc or something).

The policy needn't be too specific; I think statements like "hard disks should be owned root.disk, mode 0660" are specific enough. Here's a rough draft list based on the devices in my system and the first few lines of /sbin/MAKEDEV:

  Hard disks, disk partitions, ramdisks                 root.disk    0660
  CD-ROM devices                                        root.cdrom   0660
  Floppy devices                                        root.floppy  0660
  Tape devices                                          root.tape    0660
  Terminal devices [1]                                  root.tty     0666
  /dev/console                                          root.tty     0622
  Sound devices                                         root.audio   0660
  V4L devices[2], /dev/3dfx, /dev/agpgart               root.video   0660
  lp (parallel line printer) devices                    root.lp      0660
  /dev/kmem, /dev/mem, /dev/port                        root.kmem    0640
  Special devices (/dev/zero, /dev/null, /dev/full)     root.root    0666
  Various sockets and pipes (/dev/log etc.)             root.root    0666
  /dev/psaux                                            root.root    0660
  /dev/urandom, /dev/random                             root.root    0444

Obviously this list is nothing like complete; I'd appreciate some help completing it, then I will make a policy draft for it.

[1] Virtual consoles (ttyxx), pseudo-ttys, serial devices
[2] Curiously includes radio-receiver devices (group video not audio)

[forgive me (but please say so) if this belongs on debian-policy; I'm a bit ignorant about the exact function of that list and don't read it myself]

--
Tom Lees <[EMAIL PROTECTED]>
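
Added example, not part of the original message and not devfsd or makedev code: a small auditor that parses a policy written in the draft's "owner.group mode" notation and reports device nodes that deviate from it. The explicit paths come from the draft list; the glob patterns /dev/hd* and /dev/fd[0-9]*, the function names and the sample nodes are assumptions constructed for illustration.

```python
import fnmatch
import stat

# Draft policy in the message's notation. Explicit paths are named in the
# draft; the two glob patterns are assumptions standing in for device classes.
DRAFT = """
/dev/console                   root.tty    0622
/dev/3dfx,/dev/agpgart         root.video  0660
/dev/kmem,/dev/mem,/dev/port   root.kmem   0640
/dev/zero,/dev/null,/dev/full  root.root   0666
/dev/psaux                     root.root   0660
/dev/urandom,/dev/random       root.root   0444
/dev/hd*                       root.disk   0660   # assumed pattern: hard disks
/dev/fd[0-9]*                  root.floppy 0660   # assumed pattern: floppies
"""

def parse_policy(text):
    """Return [(pattern, owner, group, mode)] in file order (first match wins)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        patterns, owner_group, mode = line.split()
        owner, group = owner_group.split(".")
        rules += [(p, owner, group, int(mode, 8)) for p in patterns.split(",")]
    return rules

def audit(nodes, rules):
    """nodes: iterable of (path, owner, group, st_mode). Returns findings."""
    findings = []
    for path, owner, group, st_mode in nodes:
        rule = next((r for r in rules if fnmatch.fnmatchcase(path, r[0])), None)
        if rule is None:
            findings.append((path, "no policy rule"))
            continue
        _, want_owner, want_group, want_mode = rule
        mode = stat.S_IMODE(st_mode)  # drop the file-type bits
        if (owner, group) != (want_owner, want_group):
            findings.append((path, f"owner {owner}.{group}, policy {want_owner}.{want_group}"))
        if mode != want_mode:
            extra = mode & ~want_mode  # bits granted beyond the policy
            findings.append((path, f"mode {mode:04o} != {want_mode:04o} (extra bits {extra:04o})"))
    return findings

# Constructed sample nodes; on a real system these would come from os.stat().
SAMPLE = [
    ("/dev/hda", "root", "disk", stat.S_IFBLK | 0o660),
    ("/dev/kmem", "root", "kmem", stat.S_IFCHR | 0o644),
    ("/dev/fd0", "root", "root", stat.S_IFBLK | 0o660),
    ("/dev/foo0", "root", "root", stat.S_IFCHR | 0o600),
]

if __name__ == "__main__":
    for path, problem in audit(SAMPLE, parse_policy(DRAFT)):
        print(f"{path}: {problem}")
```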