creating dynamic access control lists for a device: systemd and udev

Ian Malone ibmalone at
Sat Mar 24 19:01:42 UTC 2012


I put in an RFE for
a udev rule for the Fender Mustang amplifier and got a very quick
response from Kay Sievers (someone needs to tell Red Hat about weekends).
Obviously things have moved on since I last looked at permissions and
their use with devices. Anyway his answer was this:

Systemd/udev offers to assign dynamic access control lists to device
nodes, which are only added when the user's login is active/in the
foreground. For that to work, a name ID_<some name> for the device
class needs to be found, this property needs to be set by the rules,
then added to the systemd file, and logged-in users with active
session will get access to the device.

The rules file can be a single line like:
  SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", \
    ATTRS{idVendor}=="1ed8", ATTRS{idProduct}=="000[456]" \

The matching shown is for the device; what I don't know is how to
choose the ID_<some_name> to set; whether there are existing ones that
might be appropriate or whether I need to create a unit in systemd and
a new ID_ for it. The software that needs this is currently packaged
by someone as RPM for SUSE and Fedora, but I'd hope it could
eventually be moved into Fedora and getting these rules right would be
a step towards that.

Thanks for your time.
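
The split between match keys and the property assignment described above, modeled in a few lines of Python as an added example that is not part of the original post and not udev's own code. It shows that the quoted keys select the amplifier but set nothing, so the access-control step has no property to act on until an ENV{ID_...} assignment is appended. Assumptions: ID_EXAMPLE_DEVICE_CLASS is a hypothetical placeholder name, the sample devices are constructed, and ATTRS is looked up in a flat dict rather than along the parent chain.

```python
import fnmatch
import re

# One udev key: NAME or NAME{attr}, an operator, then a quoted value.
TOKEN = re.compile(r'([A-Z_]+)(?:\{([^}]+)\})?\s*(==|!=|\+=|:=|=)\s*"([^"]*)"')

def parse_rule(text):
    """Split one rule into (matches, assignments), joining '\\' continuations."""
    joined = re.sub(r'\\\s*\n', ' ', text).strip().rstrip('\\')
    matches, assignments = [], []
    for part in filter(None, (p.strip() for p in joined.split(','))):
        m = TOKEN.fullmatch(part)
        if not m:
            raise ValueError(f'unparseable key: {part!r}')
        key, attr, op, value = m.groups()
        (matches if op in ('==', '!=') else assignments).append((key, attr, op, value))
    return matches, assignments

def lookup(device, key, attr):
    # Simplification: ENV and ATTRS are flat dicts; real udev walks parent devices for ATTRS.
    return device.get(key, {}).get(attr) if attr else device.get(key)

def apply_rule(text, device):
    """Return the ENV properties the rule sets on device, or None if it does not match."""
    matches, assignments = parse_rule(text)
    for key, attr, op, pattern in matches:
        actual = lookup(device, key, attr)
        # udev compares values as shell globs, so "000[456]" covers three product IDs.
        hit = actual is not None and fnmatch.fnmatchcase(actual, pattern)
        if hit != (op == '=='):
            return None
    return {attr: value for key, attr, _, value in assignments if key == 'ENV'}

# The match keys quoted in the post, with the trailing continuation left open.
MATCH_ONLY = '''SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", \\
    ATTRS{idVendor}=="1ed8", ATTRS{idProduct}=="000[456]" \\
'''
# ID_EXAMPLE_DEVICE_CLASS is a hypothetical placeholder, not a real systemd/udev name.
WITH_PROPERTY = MATCH_ONLY.rstrip().rstrip('\\') + ', ENV{ID_EXAMPLE_DEVICE_CLASS}="1"\n'

# Constructed sample devices: one in the matched product range, one outside it.
AMP = {'SUBSYSTEM': 'usb', 'ENV': {'DEVTYPE': 'usb_device'},
       'ATTRS': {'idVendor': '1ed8', 'idProduct': '0005'}}
OTHER = dict(AMP, ATTRS={'idVendor': '1ed8', 'idProduct': '0007'})

if __name__ == '__main__':
    for name, rule in (('match only', MATCH_ONLY), ('with property', WITH_PROPERTY)):
        print(name, '->', apply_rule(rule, AMP), apply_rule(rule, OTHER))
```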
