Re: [systemd-devel] Add User to group "video"

2015-05-07 Thread Lennart Poettering
On Thu, 07.05.15 11:30, Martin Vogt (mvo...@gmail.com) wrote:

> Hello,
> 
> I try to give any user rw permissions on /dev/nvidia*.
> 
> Usually this is done by adding the user to group "video", but
> here the group is configured on NIS and I cannot change it.

Please note that with systemd/udev we do not support setups where
system groups are not available locally unconditionally. If you store
system groups on NIS/LDAP or some other network service then this
basically "voids the warranty" for systemd.

Lennart

-- 
Lennart Poettering, Red Hat
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel


Re: [systemd-devel] Add User to group "video"

2015-05-07 Thread Martin Vogt
On Thu, May 7, 2015 at 11:44 AM, Simon McVittie <
simon.mcvit...@collabora.co.uk> wrote:

> On 07/05/15 10:30, Martin Vogt wrote:
> > I try to give any user rw permissions on /dev/nvidia*.
> >
> > Usually this is done by adding the user to group "video", but
> > here the group is configured on NIS and I cannot change it.
>
> On a modern Linux system you should instead be able to tag those devices
> as user-accessible, as is done for the analogous nodes in the
> open-source video drivers in /lib/udev/rules.d/70-uaccess.rules:
>
> SUBSYSTEM=="drm", KERNEL=="card*|renderD*", TAG+="uaccess"
>
> which results in the logged-in users (according to systemd-logind)
> getting device access via ACLs:
>

Thanks, it works on local login, but how do I do it with ssh?

http://lists.freedesktop.org/archives/consolekit/2010-February.txt


Re: [systemd-devel] Add User to group "video"

2015-05-07 Thread Mantas Mikulėnas
On Thu, May 7, 2015 at 12:30 PM, Martin Vogt wrote:

> Hello,
>
> I try to give any user rw permissions on /dev/nvidia*.
>
> Usually this is done by adding the user to group "video", but
> here the group is configured on NIS and I cannot change it.
>

AFAIK, secondary groups are merged from all sources, so it is possible to
have the same group in both NIS and /etc/group.


> So my idea was, to add every user to group "video" during
> login. (Or change the permissions to 666 on /dev/nvidia*)
>

That's possible using PAM, but see Simon's answer for a much better
solution (using udev ACLs).

-- 
Mantas Mikulėnas 


Re: [systemd-devel] Add User to group "video"

2015-05-07 Thread Simon McVittie
On 07/05/15 10:30, Martin Vogt wrote:
> I try to give any user rw permissions on /dev/nvidia*.
> 
> Usually this is done by adding the user to group "video", but
> here the group is configured on NIS and I cannot change it.

On a modern Linux system you should instead be able to tag those devices
as user-accessible, as is done for the analogous nodes in the
open-source video drivers in /lib/udev/rules.d/70-uaccess.rules:

SUBSYSTEM=="drm", KERNEL=="card*|renderD*", TAG+="uaccess"

which results in the logged-in users (according to systemd-logind)
getting device access via ACLs:

% getfacl /dev/dri/card0
getfacl: Removing leading '/' from absolute path names
# file: dev/dri/card0
# owner: root
# group: video
user::rw-
user:smcv:rw-   #  <-- this
group::rw-
mask::rw-
other::---

See e.g.
http://enotty.pipebreaker.pl/2012/05/23/linux-automatic-user-acl-management/

S
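
A way to check the result of either approach discussed in this thread, as an added example that is not part of the original messages: the function below parses getfacl output such as the listing above and reports which named users hold an ACL entry, what the mask leaves them, and whether the node is open to every account (the MODE 0666/0777 case). The function name and the returned keys are hypothetical.

```python
import re

# getfacl output quoted in the message above (the stderr notice included).
SAMPLE = """\
getfacl: Removing leading '/' from absolute path names
# file: dev/dri/card0
# owner: root
# group: video
user::rw-
user:smcv:rw-   #  <-- this
group::rw-
mask::rw-
other::---
"""

HEADER = re.compile(r"^#\s*(file|owner|group):\s*(\S+)")
ENTRY = re.compile(r"^(user|group|mask|other):([^:]*):([rwx-]{3})")

def audit_device_acl(text):
    """Summarise who can reach a device node, from one file's getfacl output."""
    meta, entries = {}, []
    for line in text.splitlines():
        if (h := HEADER.match(line)):
            meta[h.group(1)] = h.group(2)
        elif (e := ENTRY.match(line)):
            entries.append(e.groups())
        # Anything else (stderr notice, blank lines) is ignored.
    # The mask caps named users, named groups and the owning group.
    mask = next((p for t, _, p in entries if t == "mask"), "rwx")
    def effective(perms):
        return "".join(c if c == m else "-" for c, m in zip(perms, mask))
    other = next((p for t, _, p in entries if t == "other"), "---")
    return {
        "file": meta.get("file"),
        "named_users": {q: effective(p) for t, q, p in entries if t == "user" and q},
        "named_groups": {q: effective(p) for t, q, p in entries if t == "group" and q},
        "other": other,
        # True when every local account can open the node, as with MODE 0666/0777.
        "world_accessible": "r" in other or "w" in other,
    }

if __name__ == "__main__":
    print(audit_device_acl(SAMPLE))
```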



[systemd-devel] Add User to group "video"

2015-05-07 Thread Martin Vogt
Hello,

I try to give any user rw permissions on /dev/nvidia*.

Usually this is done by adding the user to group "video", but
here the group is configured on NIS and I cannot change it.

So my idea was, to add every user to group "video" during
login. (Or change the permissions to 666 on /dev/nvidia*)

Changing the permission with udev seems not to be possible,
my experiments showed that writing a udev.rule like

99-z-nvidia.rules:

KERNEL=="nvidia*", MODE="0777"

is not executed at all. I always end up with MODE="0660".
So is there a possibility that every user who logs in, gets the group video?

regards,

Martin