Home | News | Download | Packages | Forum | Wiki | Github

Best way to change permissions of special linux device file at boot time


#1

What’s the recommended way of changing the permissions for special device files like /sys/class/backlight/intel_backlight/brightness at boot time?


#2

eehh, why?


#3

I don’t know exactly, but sysfs is created by the kernel at boot. There is a lot of documentation contained in the kernel source package itself.
e.g.
http://elixir.free-electrons.com/linux/latest/source/Documentation/filesystems/sysfs.txt
This file doesn’t say how to do that though, unless you wanted to modify the kernel code for the creation of the file, and build a custom kernel (or possibly only a kernel module, which would be more practical).
There are some user modifiable scripts in the runit boot sequence where a chmod could be tried too.


#4

Okay, I guess I meant at init. It doesn’t have to happen super early. I just added a line to my /etc/rc.local for this purpose. Trying to keep my install clean so I was wondering if there was another recommended way for doing this, but this works


#5

Thinking about it, this is a good point. The recommended way would probably to create temporary privilege escalation for the app that needs to access this file, using Pam or something like here:

A user modifiable backlight could be manipulated by malware. :grinning: If all that is permitted is that a particular app can access that particular file at a certain point in it’s code using facilities which have been especially developed to be secure then it becomes much safer.

Extra files can be added to /etc/runit/core-services if you did want to run early, but it would need to be at least 01 because 00-pseudofs.sh mounts sys.


(Michael Aldridge) #6

Don’t muck about in the sysfs, you can cause actual hardware damage by writing things there if you don’t fully understand what they do. If you wish to control the backlight, there are many programs to do so, perhaps you would like xbacklight (suitable for scripts) or one of the myriad of frontends available with a DE?


#7
  1. Create a new group (‘backlight’ for eg)
  2. Make an rc.local script that changes the ownership from root:root to root:backlight, and the permissions to rw-rw-r-- (0664)
  3. Add your app to the backlight group

(Michael Aldridge) #8

@JodiTheTigger bad idea.

If you must muck about with device node permissions, the correct way to do that is with udev rules. Just write a new rule and put it in the rules.d/ directory. In general devices are granted to the plugdev group and your user should be a member of that.

For a backlight though I’d probably make it available to the ‘video’ group.