You are not logged in.
- Topics: Active | Unanswered
#1 2017-01-14 00:52:23
- jebe
- Member
- Registered: 2015-08-09
- Posts: 2
Gaining unprivileged access to the backlight device with uaccess
I was trying out acpilight today, which sets the brightness by writing to /sys/class/backlight/%k/brightness. That file belongs to root, but I would like to be able to run acpilight without sudo.
There is a udev rule file in the acpilight git repository (https://github.com/wavexx/acpilight/blo … ight.rules) which works by making the brightness file writable for the video group.
If I understood this article right, adding my user to the video group is discouraged. Instead I tried to add a udev rule that adds the uaccess tag to the backlight device to give the active user (me) unprivileged write access.
> cat /etc/udev/rules.d/71-backlight.rules
SUBSYSTEMS=="backlight", TAG+="uaccess"When testing it, the uaccess tag does appear with the backlight device
> udevadm test /class/backlight/intel_backlight/
This program is for debugging only, it does not run any program
specified by a RUN key. It may show incorrect results, because
some values may be different, or not available at a simulation run.
ACTION=add
DEVPATH=/devices/pci0000:00/0000:00:02.0/drm/card0/card0-LVDS-1/intel_backlight
ID_FOR_SEAT=backlight-pci-0000_00_02_0
ID_PATH=pci-0000:00:02.0
ID_PATH_TAG=pci-0000_00_02_0
SUBSYSTEM=backlight
SYSTEMD_WANTS=systemd-backlight@backlight:intel_backlight.service
TAGS=:seat:systemd:uaccess:
USEC_INITIALIZED=4889530But there is no acl entry for my user account and I cannot write to the file
> getfacl /sys/class/backlight/intel_backlight/brightness
getfacl: Removing leading '/' from absolute path names
# file: sys/class/backlight/intel_backlight/brightness
# owner: root
# group: root
user::rw-
group::r--
other::r--I feel like trial and error does not get me anywhere past this point and I had a hard time finding good resources about udev with uaccess and logind. I fully agree with this issue I found on github https://github.com/systemd/systemd/issues/4288
Offline
#2 2017-01-14 10:29:01
- xvzf
- Member
- Registered: 2014-05-18
- Posts: 86
Re: Gaining unprivileged access to the backlight device with uaccess
You can write a small program, put it in /usr/local/bin or anywhere in your path, set user and group to root and after that, use the setuid so it executes with the owners permission.
If you need more info, just ask!
Offline
#3 2017-01-14 17:43:57
- jebe
- Member
- Registered: 2015-08-09
- Posts: 2
Re: Gaining unprivileged access to the backlight device with uaccess
Thanks for the idea, writing a setuid wrapper for acpilight indeed works. I don't think that's a good solution in this case though, because acpilight is written in Python.
I also found https://github.com/haikarainen/light which does the same thing, but is written in C and already sets suid on its binary during installation. I guess I will use that for now, but I am still really interested in my uaccess problem and would be glad if anybody could shine some light on it.
I find it incredibly frustrating that systemd has been around for such a long time and groups have been deprecated for years, but I have no clue how to use systemd in that regard, let alone find good documentation.
Offline
#4 2017-07-08 20:05:15
- zwa
- Member
- Registered: 2005-12-05
- Posts: 105
Re: Gaining unprivileged access to the backlight device with uaccess
I stumbled onto this very same problem, any fresh ideas?
Offline