Re: [systemd-devel] Add User to group video
On Thu, May 7, 2015 at 12:30 PM, Martin Vogt mvo...@gmail.com wrote: Hello, I try to give any user rw permissions on /dev/nvidia*. Usually this is done by adding the user to group video, but here the group is configured on NIS and I cannot change it. AFAIK, secondary groups are merged from all sources, so it is possible to have the same group in both NIS and /etc/group. So my idea was, to add every user to group video during login. (Or change the permissions to 666 on /dev/nvidia*) That's possible using PAM, but see Simon's answer for a much better solution (using udev ACLs). -- Mantas Mikulėnas graw...@gmail.com ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Add User to group video
On 07/05/15 10:30, Martin Vogt wrote: I try to give any user rw permissions on /dev/nvidia*. Usually this is done by adding the user to group video, but here the group is configured on NIS and I cannot change it. On a modern Linux system you should instead be able to tag those devices as user-accessible, as is done for the analogous nodes in the open-source video drivers in /lib/udev/rules.d/70-uaccess.rules: SUBSYSTEM==drm, KERNEL==card*|renderD*, TAG+=uaccess which results in the logged-in users (according to systemd-logind) getting device access via ACLs: % getfacl /dev/dri/card0 getfacl: Removing leading '/' from absolute path names # file: dev/dri/card0 # owner: root # group: video user::rw- user:smcv:rw- # -- this group::rw- mask::rw- other::--- See e.g. http://enotty.pipebreaker.pl/2012/05/23/linux-automatic-user-acl-management/ S ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Add User to group video
On Thu, 07.05.15 11:30, Martin Vogt (mvo...@gmail.com) wrote: Hello, I try to give any user rw permissions on /dev/nvidia*. Usually this is done by adding the user to group video, but here the group is configured on NIS and I cannot change it. Please note that with systemd/udev we do not support setups where system groups are not available locally unconditionally. If you store system groups on NIS/LDAP or some other network service then this basically voids the warranty for systemd. Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Add User to group video
On Thu, May 7, 2015 at 11:44 AM, Simon McVittie simon.mcvit...@collabora.co.uk wrote: On 07/05/15 10:30, Martin Vogt wrote: I try to give any user rw permissions on /dev/nvidia*. Usually this is done by adding the user to group video, but here the group is configured on NIS and I cannot change it. On a modern Linux system you should instead be able to tag those devices as user-accessible, as is done for the analogous nodes in the open-source video drivers in /lib/udev/rules.d/70-uaccess.rules: SUBSYSTEM==drm, KERNEL==card*|renderD*, TAG+=uaccess which results in the logged-in users (according to systemd-logind) getting device access via ACLs: Thanks, it works on local login, but how do I do it with ssh? http://lists.freedesktop.org/archives/consolekit/2010-February.txt ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel