Set device permissions for logged in users

I need to give rw permissons to /dev/ttyS0 for every user that logs in. With SuSE 10.3 I was using resmgr for settings ACLs that way. Now it has disappeared from SuSE 11.2. Should I use HAL, PolicyKit, DeviceKit…? Can somebody explain how this task is supposed to work under SuSE 11.2?

I was trying to use hal-acl-tool, but this executable is missing in /usr/lib/hal/ in my installations of SuSE 11.2. Apparently in SuSE 11.1 it was still packaged. Is this a Bug in SuSE 11.2?

I think this must be done with an udev rule.

When this blunt remark from mine is not enough to get you going (not everybody knows much about udev), post back. I am also not a guru, but a few days ago I could help somebody else, so who knows?

I couln’t resist looking into it.

All as root of course.
Goto /etc/udev/rules.d
Create a file 10-local.rules (using *vi *e.g.).
Put the following line into it:

KERNEL=="ttyS0" MODE="0666"

Reboot and check. (I did not test it, but a similar case worked).

Thanks, but what I want to do is a bit different, I may have expressed this inaccurately. I want to give rw access to /dev/ttyS0 to user “X” whenever user “X” logs in, and remove this permission when he logs out. When the computer starts, user “X” should have initially no permission to the device until he/she logs in. Apparently there is a mechanism that uses ConsoleKit triggering a call to udev-acl, but I did not manage to have it working yet. I am supposing now that this implies defining a rule

KERNEL==“ttyS*”, ENV{ACL_MANAGE}=“1”

following the example of /lib/udev/rules.d/70-acl.rules

Now, if I write such a rule in /etc/udev/rules.d/10-serialport.rules and execute /etc/init.d/boot.udev restart to reload the rules, then test it using “udevadm test /dev/char/4:64” (for ttyS0), I get in the output:


udevadm_test: UDEV_LOG=6
udevadm_test: DEVPATH=/devices/pnp0/00:09/tty/ttyS0
udevadm_test: MAJOR=4
udevadm_test: MINOR=64
udevadm_test: DEVNAME=/dev/ttyS0
udevadm_test: ACTION=add
udevadm_test: ACL_MANAGE=1
udevadm_test: SUBSYSTEM=tty
udevadm_test: DEVLINKS=/dev/char/4:64
udevadm_test: run: ‘udev-acl --action=add --device=/dev/ttyS0’
udevadm_test: run: ‘socket:@/org/freedesktop/hal/udev_event’

So it seems to run udev-acl, but there is no effect on ACLs of the device. I was expecting to get ACLs added for the currently logged in users.

I think this is a bit to much for me, I am not that good in this combination of udev and ACLs. But I admit that what you describe here is completely different from what you asked for earlier.

I am still not sure that I understand you.
First you talk about one user X that should have acess when he logs in (This one I do already not understand, what is the problem when X has this access when he is not even loged in?).

Later you talk about ACLs added for users currently loged in. Or do you mean several instances of X loged in at the same moment in time? But the last is nonsense. When X has access, he has access from all his sessions.

I hope others do better understand what you try to achieve.

See https://bugzilla.novell.com/show_bug.cgi?id=558720

It seems to be feasible only for local sessions, and not for remote ones. This is in my opinion a serious regression… so I will really have to compile my hal-acl-tool myself or hack udev-acl. :frowning: