xref: /freebsd/sbin/devfs/devfs.8 (revision f0865ec9906d5a18fa2a3b61381f22ce16e606ad)
1.\"
2.\" Copyright (c) 2002 Dima Dorfman.
3.\" All rights reserved.
4.\"
5.\" Redistribution and use in source and binary forms, with or without
6.\" modification, are permitted provided that the following conditions
7.\" are met:
8.\" 1. Redistributions of source code must retain the above copyright
9.\"    notice, this list of conditions and the following disclaimer.
10.\" 2. Redistributions in binary form must reproduce the above copyright
11.\"    notice, this list of conditions and the following disclaimer in the
12.\"    documentation and/or other materials provided with the distribution.
13.\"
14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24.\" SUCH DAMAGE.
25.\"
26.Dd October 18, 2023
27.Dt DEVFS 8
28.Os
29.Sh NAME
30.Nm devfs
31.Nd "DEVFS control"
32.Sh SYNOPSIS
33.Nm
34.Op Fl m Ar mount-point
35.Ar keyword
36.Ar argument ...
37.Sh DESCRIPTION
38The
39.Nm
40utility provides an interface to manipulate properties of
41.Xr devfs 4
42mounts.
43.Pp
44The rules, by default as configured by
45.Pa /etc/rc.conf ,
46are loaded at boot via the devfs
47.Xr service 8 .
48The rules can be reloaded by running the command:
49.Bd -literal -offset indent
50service devfs restart
51.Ed
52.Pp
53The
54.Ar keyword
55argument determines the context for
56the rest of the arguments.
57For example,
58most of the commands related to the rule subsystem must be preceded by the
59.Cm rule
60keyword.
61The following flags are common to all keywords:
62.Bl -tag -width 15n
63.It Fl m Ar mount-point
64Operate on
65.Ar mount-point ,
66which is expected to be a
67.Xr devfs 4
68mount.
69If this option is not specified,
70.Nm
71operates on
72.Pa /dev .
73.El
74.Ss Rule Subsystem
75The
76.Xr devfs 4
77rule subsystem provides a way for the administrator of a system to control
78the attributes of DEVFS nodes.
79.\" XXX devfs node?  entry?  what?
80Each DEVFS mount-point has a
81.Dq ruleset ,
82or a list of rules,
83associated with it.
84When a device driver creates a new node,
85all the rules in the ruleset associated with each mount-point are applied
86(see below) before the node becomes visible to the userland.
87This permits the administrator to change the properties,
88including the visibility,
89of certain nodes.
90For example, one might want to hide all disk nodes in a
91.Xr jail 2 Ns 's
92.Pa /dev .
93.Ss Rule Manipulation
94Rule manipulation commands follow the
95.Cm rule
96keyword.
97The following flags are common to all of the rule manipulation commands:
98.Bl -tag -width 15n
99.It Fl s Ar ruleset
100Operate on the ruleset with the number
101.Ar ruleset .
102If this is not specified,
103the commands operate on the ruleset currently associated with the
104specified mount-point.
105.El
106.Pp
107The following commands are recognized:
108.Bl -tag -width 15n
109.It Cm rule add Oo Ar rulenum Oc Ar rulespec
110Add the rule described by
111.Ar rulespec
112(defined below)
113to the ruleset.
114The rule has the number
115.Ar rulenum
116if it is explicitly specified;
117otherwise, the rule number is automatically determined by the kernel.
118.It Cm rule apply Ar rulenum | rulespec
119Apply rule number
120.Ar rulenum
121or the rule described by
122.Ar rulespec
123to the mount-point.
124Rules that are
125.Dq applied
126have their conditions checked against all nodes
127in the mount-point and the actions taken if they match.
128.It Cm rule applyset
129Apply all the rules in the ruleset to the mount-point
130(see above for the definition of
131.Dq apply ) .
132.It Cm rule del Ar rulenum
133Delete rule number
134.Ar rulenum
135from the ruleset.
136.It Cm rule delset
137Delete all rules from the ruleset.
138.It Cm rule show Op Ar rulenum
139Display the rule number
140.Ar rulenum ,
141or all the rules in the ruleset.
142The output lines (one line per rule) are expected to be valid
143.Ar rulespec Ns s .
144.It Cm rule showsets
145Report the numbers of existing rulesets.
146.It Cm ruleset Ar ruleset
147Set ruleset number
148.Ar ruleset
149as the current ruleset for the mount-point.
150.El
151.Ss Rule Specification
152Rules have two parts: the conditions and the actions.
153The conditions determine which DEVFS nodes the rule matches
154and the actions determine what should be done when a rule matches a node.
155For example, a rule can be written that sets the GID to
156.Dq Li operator
157for all devices of type tape.
158If the first token of a rule specification is a single dash
159.Pq Sq Fl ,
160rules are read from the standard input and the rest of the specification
161is ignored.
162.Pp
163The following conditions are recognized.
164Conditions are ANDed together when matching a device;
165if OR is desired, multiple rules can be written.
166.Bl -tag -width 15n
167.It Cm path Ar pattern
168Matches any node with a path that matches
169.Ar pattern ,
170which is interpreted as a
171.Xr glob 3 Ns -style
172pattern.
173.It Cm type Ar devtype
174Matches any node that is of type
175.Ar devtype .
176Valid types are
177.Cm disk , mem , tape
178and
179.Cm tty .
180.El
181.Pp
182The following actions are recognized.
183Although there is no explicit delimiter between conditions and actions,
184they may not be intermixed.
185.Bl -tag -width 15n
186.It Cm group Ar gid
187Set the GID of the node to
188.Ar gid ,
189which may be a group name
190(looked up in
191.Pa /etc/group )
192or number.
193.It Cm hide
194Hide the node.
195Nodes may later be revived manually with
196.Xr mknod 8
197or with the
198.Cm unhide
199action.
200Hiding a directory node effectively hides all of its child nodes.
201.It Cm include Ar ruleset
202Apply all the rules in ruleset number
203.Ar ruleset
204to the node.
205This does not necessarily result in any changes to the node
206(e.g., if none of the rules in the included ruleset match).
207Include commands in the referenced
208.Ar ruleset
209are not resolved.
210.It Cm mode Ar filemode
211Set the file mode to
212.Ar filemode ,
213which is interpreted as in
214.Xr chmod 1 .
215.It Cm user Ar uid
216Set the UID to
217.Ar uid ,
218which may be a user name
219(looked up in
220.Pa /etc/passwd )
221or number.
222.It Cm unhide
223Unhide the node.
224If the node resides in a subdirectory,
225all parent directory nodes must be visible to be able to access the node.
226.El
227.Sh IMPLEMENTATION NOTES
228Rulesets are created by the kernel at the first reference
229and destroyed when the last reference disappears.
230E.g., a ruleset is created when a rule is added to it or when it is set
231as the current ruleset for a mount-point, and
232a ruleset is destroyed when the last rule in it is deleted
233and no other references to it exist
234(i.e., it is not included by any rules and it is not the current ruleset
235for any mount-point).
236.Pp
237Ruleset number 0 is the default ruleset for all new mount-points.
238It is always empty, cannot be modified or deleted, and does not show up
239in the output of
240.Cm showsets .
241.Pp
242Rules and rulesets are unique to the entire system,
243not a particular mount-point.
244I.e., a
245.Cm showsets
246will return the same information regardless of the mount-point specified with
247.Fl m .
248The mount-point is only relevant when changing what its current ruleset is
249or when using one of the apply commands.
250.Sh FILES
251.Bl -tag -width "Pa /etc/defaults/devfs.rules" -compact
252.It Pa /etc/defaults/devfs.rules
253Default
254.Nm
255configuration file.
256.It Pa /etc/devfs.rules
257Local
258.Nm
259configuration file.
260Rulesets in here override those in
261.Pa /etc/defaults/devfs.rules
262with the same ruleset number, otherwise the two files are effectively merged.
263.It Pa /etc/devfs.conf
264Boot-time
265.Nm
266configuration file.
267.El
268.Sh EXAMPLES
269When the system boots,
270the only ruleset that exists is ruleset number 0;
271since the latter may not be modified, we have to create another ruleset
272before adding rules.
273Note that since most of the following examples do not specify
274.Fl m ,
275the operations are performed on
276.Pa /dev
277(this only matters for things that might change the properties of nodes).
278.Pp
279Specify that ruleset 10 should be the current ruleset for
280.Pa /dev
281(if it does not already exist, it is created):
282.Pp
283.Dl "devfs ruleset 10"
284.Pp
285Add a rule that causes all nodes that have a path that matches
286.Dq Li speaker
287(this is only
288.Pa /dev/speaker )
289to have the file mode 666 (read and write for all).
290Note that if any such nodes already exist, their mode will not be changed
291unless this rule (or ruleset) is explicitly applied (see below).
292The mode
293.Em will
294be changed if the node is created
295.Em after
296the rule is added
297(e.g., the
298.Pa atspeaker
299module is loaded after the above rule is added):
300.Pp
301.Dl "devfs rule add path speaker mode 666"
302.Pp
303Apply all the rules in the current ruleset to all the existing nodes.
304E.g., if the below rule was added after
305.Pa /dev/speaker
306was created,
307this command will cause its file mode to be changed to 666
308as prescribed by the rule:
309.Pp
310.Dl "devfs rule applyset"
311.Pp
312For all devices with a path that matches
313.Dq Li snp* ,
314set the file mode to 660 and the GID to
315.Dq Li snoopers .
316This permits users in the
317.Dq Li snoopers
318group to use the
319.Xr snp 4
320devices
321(quoting the argument to
322.Cm path
323is often necessary to disable the shell's globbing features):
324.Pp
325.Dl devfs rule add path "snp*" mode 660 group snoopers
326.Pp
327Add a rule to ruleset number 20.
328Since this ruleset is not the current ruleset for any mount-points,
329this rule is never applied automatically (unless ruleset 20 becomes
330a current ruleset for some mount-point at a later time):
331.Pp
332.Dl "devfs rule -s 20 add type disk group wheel"
333.Pp
334Explicitly apply all rules in ruleset number 20 to the DEVFS mount on
335.Pa /my/jail/dev .
336It does not matter that ruleset 20 is not the current ruleset for that
337mount-point; the rules are still applied:
338.Pp
339.Dl "devfs -m /my/jail/dev rule -s 20 applyset"
340.Pp
341Since the following rule has no conditions, the action
342.Pq Cm hide
343will be applied to all nodes:
344.Pp
345.Dl "devfs rule apply hide"
346.Pp
347Since hiding all nodes is not very useful, we can undo it.
348The following applies
349.Cm unhide
350to all the nodes,
351causing them to reappear:
352.Pp
353.Dl "devfs rule apply unhide"
354.Pp
355Add all the rules from the file
356.Pa my_rules
357to ruleset 10:
358.Pp
359.Dl "devfs rule -s 10 add - < my_rules"
360.Pp
361The below copies all the rules from ruleset 20 into ruleset 10.
362The rule numbers are preserved,
363but ruleset 10 may already have rules with non-conflicting numbers
364(these will be preserved).
365Since
366.Cm show
367outputs valid rules,
368this feature can be used to copy rulesets:
369.Pp
370.Dl "devfs rule -s 20 show | devfs rule -s 10 add -"
371.Sh SEE ALSO
372.Xr chmod 1 ,
373.Xr jail 2 ,
374.Xr glob 3 ,
375.Xr devfs 4 ,
376.Xr devfs.conf 5 ,
377.Xr devfs.rules 5 ,
378.Xr chown 8 ,
379.Xr jail 8 ,
380.Xr mknod 8 ,
381.Xr service 8
382.Sh HISTORY
383The
384.Nm
385utility first appeared in
386.Fx 5.0 .
387.Sh AUTHORS
388.An Dima Dorfman
389