Hello guys!
QUESTION.
Plugging a USB pen drive into the PC, I want:
1 - the generic group Imaging has absolute control of it
2 - Imaging and only Imaging's users can read the device
SOLUTION.
If the devices created when a USB storage drive is connected need to be accessible by the user for a task (for example, only reading them), the solution is to make all users of these devices members of a group.
Once the devices are created, the group should be able to execute the task (i.e. only read them). This is accomplished by adding the following two lines to /etc/defaults/devfs.rules (all users can manage a USB drive if they are in the group):
[devfsrules_dev_usb_ro=7]
add path 'da*' mode 0400 group operator
In this way the seventh ruleset has only one rule, which assigns all device nodes whose name begins with da to the users of the group, with read-only permissions: r--------.
Note 1: If there are already SCSI disks in the system, it must be done a bit differently. E.g., if the system already contains disks da0 through da2, change the second line as follows:
add path 'da[3-9]*' mode 0400 group operator
This will exclude the already existing disks from belonging to the operator group.
You also have to enable your devfs.rules(5) ruleset at boot in your /etc/rc.conf file:
devfs_system_ruleset="devfsrules_dev_usb_ro"
BIBLIOGRAPHY.
FreeBSD Handbook - 17.4.1. Device Configuration, p. 306
TEST.
See attached picture.
Thanks very much.
Bye bye!
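An added example, not part of the original post: a POSIX sh helper that reads devfs.rules lines like the two variants above and reports, for a node name, the group and permission string set by the last matching rule. It assumes that shell glob matching is a close stand-in for devfs pattern matching and that later rules override earlier ones; the function names and the da3s1/da10 node names are constructed for illustration.

```sh
# Added example: what does a devfs.rules "add path" line grant to a node?

# perm_string MODE -> ls-style string, e.g. 0400 -> r--------
perm_string() {
    bits=$(( 0$1 )); out=""
    for s in 6 3 0; do                      # owner, group, other triplets
        d=$(( (bits >> s) & 7 ))
        [ $(( d & 4 )) -ne 0 ] && out="${out}r" || out="${out}-"
        [ $(( d & 2 )) -ne 0 ] && out="${out}w" || out="${out}-"
        [ $(( d & 1 )) -ne 0 ] && out="${out}x" || out="${out}-"
    done
    printf '%s\n' "$out"
}

# effective RULES NODE -> "NODE group=G perms=P" from the last matching rule,
# or "NODE unmatched" when no rule applies and the node keeps its defaults.
effective() {
    rules=$1; dev=$2; hit=""
    set -f                                  # stop da* expanding to file names
    while read -r line; do
        set -- $line
        [ "$1" = add ] || continue          # skip [ruleset=N] headers, comments
        pat=""; mode=""; grp=""
        while [ $# -gt 1 ]; do
            case $1 in
                path)  pat=${2#\'}; pat=${pat%\'} ;;
                mode)  mode=$2 ;;
                group) grp=$2 ;;
            esac
            shift
        done
        case $dev in
            $pat) hit="group=$grp perms=$(perm_string "$mode")" ;;
        esac
    done <<EOF
$rules
EOF
    set +f
    printf '%s %s\n' "$dev" "${hit:-unmatched}"
}

# The two rule variants from the post; node names below are constructed.
RULES_PAGE="[devfsrules_dev_usb_ro=7]
add path 'da*' mode 0400 group operator"
RULES_NOTE="[devfsrules_dev_usb_ro=7]
add path 'da[3-9]*' mode 0400 group operator"

effective "$RULES_PAGE" da0
for node in da0 da2 da3s1 da10; do effective "$RULES_NOTE" "$node"; done
```

In the output, the middle triplet of the permission string is what members of the named group get, and a node such as da10 shows as unmatched by `da[3-9]*` because the character after "da" must be 3 through 9.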