Re: lircd daemon as regular user => device access problems
- Date: Sat, 11 Feb 2017 09:29:39 +0000
- From: Bastien Roucaries <roucaries.bastien@xxxxxxxxx>
- Subject: Re: lircd daemon as regular user => device access problems
Le 10 février 2017 16:13:15 GMT+01:00, Alec Leamas <leamas.alec@xxxxxxxxx> a écrit :
>After some work it seems that an updated LIRC package has landed in
>stretch without any major problems. This resolves the urgent need to
>update it to something recent enough to be supported by upstream.
>One remaining problem is that lircd, the main LIRC daemon, runs as
>This is code from the 90's, heavily user-configured. Running this as
>root is just not sane, and other distros has moved to running it as a
>regular user since long. I want to make this change for sid/buster.
>However, running lircd as non-root raises permissions problems related
>to /dev/... devices. Since lircd is configured in all sorts of ways,
>many kinds of devices are potentially used. The paranoid configuration
>is to block all devices for lircd, leaving it to user to enable them as
>required. This is a breaking update for almost all users.
>The alternative is to use the Fedora strategy, outlined below. This
>means changing overall permissions for several /dev/... devices. Is
>OK, should it be discussed on this ML, or somewhere else?
>Proposed /dev/ permissions after installing lirc:
>- The /dev/lirc? devices are set user:group lirc:lirc and mode 660
>- The lirc user is added to the input group, to access /dev/input
>- The lirc user is added to the dialout group to access /dev/ttyS
>- The /var/lock dir is root:root 755 in my stretch box but this is
>seemingly #813703; assuming this will be fixed to 1777.
>- lirc user gets read access to all USB character devices using a udev
>rule invoking facl(1).
>I know that getting permission is harder than to be forgiven, but
>perhaps it makes sense to have a discussion first?
>The possibly controversial issue is the USB devices. However, without
>this rule a large part of lirc users will be forced to painful udev
Can we list USB device needed (whitelist) ?
Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté.