From: <se...@ar...> - 2001-04-20 15:40:22
|
> > I agree with Jasper. I don't have any other "users" of my system except for my > wife, so I brute-forced it and chown/chmod'ed them by hand, but if it were a > 'public' PC (in a lab or something) his solution seems more than adequate. We > already have mechanisms like the above and /etc/fbtab that chown over devices > to users when they are physically at the console, so these ugen* devices > shouldn't be that much different. There is an assumption here that USB devices are only useful when you are on console, which I would like to avoid. This is dangerously close to Microsoft-style thinking. That being said, I see Jasper's point in that one would want to avoid having to implement SUID root merely to access /dev/ugen. However, putting on my Systems Administrator hat for a moment, I don't think the solution to this is to 666 the device entries, or chown them to the user. Instead, I suggest we 660 them, and recommend the creation of a group (call it "usb" or whatever...the name doesn't matter) to be the group owner. Then, applications that require ugen access through libusb can be SGID to this group instead of SUID root. This is much safer, and the end developer won't have to worry about dropping privs...s/he can hold on to them throughout the process lifetime. The install process can be set up to do this, also as suggested, but I recommend that we make this optional, prompting the suer for it, rather than mandatory. Again, this is the SysAdmin in me talking, who prefers not to have my base OS configuration modified without my consent. I still am curious, though, as to why ensure_ep_open() exists in freebsd.c, but has not been implemented in linux.c. Is there a reason for this inconsistency? Cheers, -+JLS -- \ carpe cavy! seagull @ aracnet.com \ http://www.aracnet.com/~seagull \ (seize the guinea pig!) |