xref: /illumos-gate/usr/src/man/man5/logindevperm.5 (revision 8119dad84d6416f13557b0ba8e2aaf9064cbcfd3)
te
Copyright (c) 2008, Sun Microsystems, Inc.
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
LOGINDEVPERM 5 "Sep 25, 2008"
NAME
logindevperm, fbtab - login-based device permissions
SYNOPSIS

/etc/logindevperm
DESCRIPTION

The /etc/logindevperm file contains information that is used by login(1) and ttymon(8) to change the owner, group, and permissions of devices upon logging into or out of a console device. By default, this file contains lines for the keyboard, mouse, audio, and frame buffer devices.

The owner of the devices listed in /etc/logindevperm is set to the owner of the console by login(1). The group of the devices is set to the owner's group specified in /etc/passwd. The permissions are set as specified in /etc/logindevperm.

If the console is /dev/vt/active, the owner of the devices is the first user logged in on the consoles (/dev/console or /dev/vt/#). Upon this first user's logout the owner and group of these devices is reset by ttymon(8) to owner root and root's group as specified in /etc/passwd.

Fields are separated by a TAB or SPACE characters. Blank lines and comments can appear anywhere in the file; comments start with a hashmark, (#), and continue to the end of the line.

The first field specifies the name of a console device (for example, /dev/console). By default, it is /dev/vt/active, which points to the current active console, including /dev/console and all virtual consoles (/dev/vt/#). The second field specifies the permissions to which the devices in the device_list field (third field) are set. These permissions must be expressed in octal format, for example, 0774. A device_list is a colon-separated list of device names. A device name must be a /dev link.

A directory or logical name in the device name can be either one of the following:

A fully qualified name, for example, fbs.

A regular expression, for example, [a-z0-9.]+. See regexp(7) for more information on regular expressions.

The wildcard character * specifying all directory or node names (except . and .., for example, /dev/fbs/* specifies all frame buffer devices.

Some examples of /etc/logindevperm file entries include:

/dev/usb/[0-9a-f]+[.][0-9a-f]+/[0-9]+/[a-z0-9.]+
/dev/usb/[0-9a-f]+[.][0-9a-f]+/[0-9]+/*
/dev/usb/[0-9a-f]+[.][0-9a-f]+/*/*

Specify all ugen(4D) endpoints and status nodes.

Drivers can also be specified to limit the permission changes to minor nodes owned by the specified drivers. For example,

/dev/console 0600 /dev/usb/[0-9a-f]+[.][0-9a-f]+/[0-9]+/* \e
driver=usb_mid,scsa2usb,usbprn # libusb devices

Due to the persistence of devfs(4FS) minor node management, the user should be logged in as root if the list of minor nodes will be reduced and the devices should all be plugged in.

Once the devices are owned by the user, their permissions and ownership can be changed using chmod(1) and chown(1), as with any other user-owned file.

Upon logout the owner and group of these devices are reset by ttymon(8) to owner root and root's group as specified in /etc/passwd (typically other). The permissions are set as specified in the /etc/logindevperm file.

FILES
/etc/passwd

File that contains user group information.

SEE ALSO

chmod (1), chown (1), login (1), ugen (4D), passwd (5), regexp (7), ttymon (8)

NOTES

/etc/logindevperm provides a superset of the functionality provided by /etc/fbtab in SunOS 4.x releases.