[arch-dev-public] make nvram world-readable?
i'd like to change the nvram device permissions rule in udev.rules we provide. at the moment the line in /etc/udev/rules.d/udev.rules is the following: KERNEL=="nvram", NAME="misc/%k", SYMLINK+="%k" what leads to [damir@Apollon dev]$ ls -la /dev/misc/nvram crw-rw---- 1 root root 10, 144 2007-08-17 18:40 /dev/misc/nvram being not accessible otherwise than root. and i want to change it to KERNEL=="nvram", NAME="misc/%k", SYMLINK+="%k" MODE="0666" so that any app or user can read nvram. this is needed by some tools for some hardware (e.g. thinkpads and buttons). alternatively i would allow only group to read it and have a group called nvram. what do you think? i know that everybody having a thinkpad is changing permissions to nvram device on arch boxes the one or other way... lets settle this the right way at the root ;) thanx + have a nice weekend, Damir (from the new laptop - almost running as i want it *smile*)
On Sat, Aug 18, 2007 at 02:24:15AM -0700, Damir Perisa wrote:
i'd like to change the nvram device permissions rule in udev.rules we provide.
at the moment the line in /etc/udev/rules.d/udev.rules is the following:
KERNEL=="nvram", NAME="misc/%k", SYMLINK+="%k"
what leads to
[damir@Apollon dev]$ ls -la /dev/misc/nvram crw-rw---- 1 root root 10, 144 2007-08-17 18:40 /dev/misc/nvram being not accessible otherwise than root.
and i want to change it to
KERNEL=="nvram", NAME="misc/%k", SYMLINK+="%k" MODE="0666"
Whats wrong with creating your own custom rules? There is no universal setup appropriate for all users. I think the default setting is OK for most users: NVRAM can also store bios passwords. Adding a new group would mean ".pacnew merging" again for a group most of us don't need. Jürgen
Saturday 18 August 2007, Jürgen Hötzel wrote: | Whats wrong with creating your own custom rules? There is no | universal setup appropriate for all users. I think the default | setting is OK for most users: NVRAM can also store bios passwords. | Adding a new group would mean ".pacnew merging" again for a group | most of us don't need. custom rules are nice if needed. but if there is a need for a rule by more than one person (e.g. all thinkpad users), it should be already there as a hint. by my knowledge you cannot specify an override to rules in udev.rules so either you change it (and addapt changes from .pacnew files ;) ) or you use an override that is out of udev (e.g. in rc.local you can change permissions with chmod). i know from several people workarounds to the "make nvram readable to the user" but i'd like to somehow make it more unified. i didn't know that bios passwds are stored in nvram in plain. if so, we should definitely make nvram device only readable by root and a group called nvram. users who need then readability of nvram can be added to this group. any objections to the group nvram solution? - D
Damir Perisa schrieb:
by my knowledge you cannot specify an override to rules in udev.rules so either you change it (and addapt changes from .pacnew files ;) )
I think you can. It worth a try.
Saturday 18 August 2007, Thomas Bächler wrote: | Damir Perisa schrieb: | > by my knowledge you cannot specify an override to rules in | > udev.rules so either you change it (and addapt changes from | > .pacnew files ;) ) | | I think you can. It worth a try. oh... cool, it does override permissions. i've written a 10-thinkpad.rules for nvram for thinkpads. udev.rules stays :) thanx - D
On 8/19/07, Damir Perisa <damir.perisa@solnet.ch> wrote:
Saturday 18 August 2007, Jürgen Hötzel wrote: | Whats wrong with creating your own custom rules? There is no | universal setup appropriate for all users. I think the default | setting is OK for most users: NVRAM can also store bios passwords. | Adding a new group would mean ".pacnew merging" again for a group | most of us don't need.
custom rules are nice if needed. but if there is a need for a rule by more than one person (e.g. all thinkpad users), it should be already there as a hint.
by my knowledge you cannot specify an override to rules in udev.rules so either you change it (and addapt changes from .pacnew files ;) ) or you use an override that is out of udev (e.g. in rc.local you can change permissions with chmod). i know from several people workarounds to the "make nvram readable to the user" but i'd like to somehow make it more unified.
i didn't know that bios passwds are stored in nvram in plain. if so, we should definitely make nvram device only readable by root and a group called nvram. users who need then readability of nvram can be added to this group.
any objections to the group nvram solution?
- D
I personally like Arch and the minimal number of groups we have by default. This seems unnecessary and non-KISS to me for something I'd never use so don't want to be bothered with either. -Dan
participants (4)
-
Damir Perisa
-
Dan McGee
-
Jürgen Hötzel
-
Thomas Bächler