Very fine grained permissions on device file

Giacomo Ritucci · 2010-08-25 21:21:27

I want to use a SDHC card as a raw virtualbox disk. My aim is to be able to boot from the SDHC card either from virtualbox or directly.

The problem is that VirtualBox needs read/write permissions on the device file, and I don't like the idea to chmod 666 /dev/sd* or to add my user to the "disk" group.

I'd prefer to:

use acls to add the vboxusers group with rw permissions to the device node's access control list
find a way to uniquely identify the sdhc disk (UUID?) in order to enable the acl thing only for that specific disk (permissions of other hard disks should not be affected)
automate this process when the device node is created (udev?)

Is this possible or I'm drunk?

Some ideas to get started?

Mr.Elendig · 2010-08-26 20:52:51

Write some udev rules?

Giacomo Ritucci · 2010-08-27 17:28:31

I searched some udevs guides and some tutorials but I can't find a way to use ACLs in udev rules.

djgera · 2010-08-27 17:57:31

If you login a session in consolekit, then: use TAG+="udev-acl" in the udev rule (for personal usage this is good, TAG+="udev-acl" is private to 70-acl.rules )

for example (i do not know nothing about that device, I suppose device kernel name "sdhc")

/etc/udev/rules.d/69-my-sdhc.rules (number is important)

KERNEL=="sdhc", TAG+="udev-acl"

All users logged in via console can access to that device.

Giacomo Ritucci · 2010-08-28 22:39:25

Thanks, I'll give it a try.

Arch Linux

#1 2010-08-25 21:21:27

Very fine grained permissions on device file

#2 2010-08-26 20:52:51

Re: Very fine grained permissions on device file

#3 2010-08-27 17:28:31

Re: Very fine grained permissions on device file

#4 2010-08-27 17:57:31

Re: Very fine grained permissions on device file

#5 2010-08-28 22:39:25

Re: Very fine grained permissions on device file

Board footer