Discussion:
rtl-sdr: udev rules tightening
Jaroslav Skarvada
2014-07-01 09:44:42 UTC
Permalink
Hi,

I think it can be a good idea to tighten the permissions in
the udev rules a bit. In Fedora we use rtlsdr group
for users authorized to access the HW, i.e. the following:

sed -i 's/MODE:="0666"/GROUP:="rtlsdr", MODE:="0660"/' ../rtl-sdr.rules

Maybe a bit annoying on single user desktop, but definitely
a good security practice for fine grained access to resources
especially on servers

thanks & regards

Jaroslav
Adam Nielsen
2014-07-01 10:09:41 UTC
Permalink
Post by Jaroslav Skarvada
I think it can be a good idea to tighten the permissions in
the udev rules a bit. In Fedora we use rtlsdr group
sed -i 's/MODE:="0666"/GROUP:="rtlsdr",
MODE:="0660"/' ../rtl-sdr.rules
If you're going to do this you should probably call the group just "sdr"
because there are a number of devices around and new ones coming which
don't use Realtek chips.

Cheers,
Adam.
Sylvain Munaut
2014-07-01 10:25:13 UTC
Permalink
Hi,
Post by Jaroslav Skarvada
I think it can be a good idea to tighten the permissions in
the udev rules a bit. In Fedora we use rtlsdr group
sed -i 's/MODE:="0666"/GROUP:="rtlsdr", MODE:="0660"/' ../rtl-sdr.rules
Maybe a bit annoying on single user desktop, but definitely
a good security practice for fine grained access to resources
especially on servers
I think it's good practice, but I also think that's the package
maintainer's job for each distro.

There is no real way to know how groups are managed and which exist
etc ... since it's pretty much distro specific. (for eg under gentoo I
don't even use that udev rules because I'm in a group allowing USB
peripheral access ...)

So having a wide and optional rule in the raw source package and let
the packager make it fit to their model seems like a good way to do it
for me.


Cheers,

Sylain
Jaroslav Skarvada
2014-07-01 10:32:29 UTC
Permalink
----- Original Message -----
Post by Sylvain Munaut
Hi,
Post by Jaroslav Skarvada
I think it can be a good idea to tighten the permissions in
the udev rules a bit. In Fedora we use rtlsdr group
sed -i 's/MODE:="0666"/GROUP:="rtlsdr", MODE:="0660"/' ../rtl-sdr.rules
Maybe a bit annoying on single user desktop, but definitely
a good security practice for fine grained access to resources
especially on servers
I think it's good practice, but I also think that's the package
maintainer's job for each distro.
There is no real way to know how groups are managed and which exist
etc ... since it's pretty much distro specific. (for eg under gentoo I
don't even use that udev rules because I'm in a group allowing USB
peripheral access ...)
So having a wide and optional rule in the raw source package and let
the packager make it fit to their model seems like a good way to do it
for me.
Cheers,
Sylain
What about CMAKE variable, e.g. -DGROUP= ?
Just an idea.

The rtlsdr we currently use was only the first shot, we probably
switch to sdr or something else later.

Also, I have no problem with the current situation, I just wanted
to let you know

thanks & regards

Jaroslav

Loading...