Hi, I'm still trying to get to the bottom of the device file permission system. The new rules seem to work fine so far, but I'd like to be sure it's not a quirk. libusb/55-Argyll.rules currently tests for /lib/udev/udev-acl, delegates permissions to it if it exists, and uses the static "plugdev" group otherwise. From my understanding, there are three possible scenarios: 1. Recent udev with udev-acl, ConsoleKit is also present. 2. Recent udev, but no ConsoleKit. 3. “Old” udev. With the current rules, scenario 3 leads to the device file belonging to plugdev, which is a good fallback; scenario 1 leads to the permissions being delegated to ConsoleKit via udev-acl, which is good too; but scenario 2 leads to the permissions being delegated to udev-acl, which won't do anything (apart setting an ACL to allow root to access the device, which doesn't have much use). In order to handle this scenario, I suggest the following patch: === modified file 'libusb/55-Argyll.rules' --- libusb/55-Argyll.rules 2010-01-24 19:21:41 +0000 +++ libusb/55-Argyll.rules 2010-01-26 14:42:48 +0000 @@ -43,10 +43,11 @@ # Huey ATTRS{idVendor}=="0971", ATTRS{idProduct}=="2005", ENV{COLOR_MEASUREMENT_DEVICE}="1" -# Let ACL manage these devices, if it is installed -TEST=="/lib/udev/udev-acl", ENV{COLOR_MEASUREMENT_DEVICE}=="*?", ENV{ACL_MANAGE}="1" +# Let udev-acl and ConsoleKit manage these devices, if applicable +TEST=="/lib/udev/udev-acl", TEST=="/var/run/ConsoleKit/database", ENV{COLOR_MEASUREMENT_DEVICE}=="*?", ENV{ACL_MANAGE}="1" -# Otherwise users should be members of the plugdev group +# Otherwise, restrict access to members of the plugdev group +TEST!="/var/run/ConsoleKit/database", ENV{COLOR_MEASUREMENT_DEVICE}=="*?", MODE="660", GROUP="plugdev" TEST!="/lib/udev/udev-acl", ENV{COLOR_MEASUREMENT_DEVICE}=="*?", MODE="660", GROUP="plugdev" LABEL="argyll_rules_end" I might apply this to the Debian packaging, but I'd like to get comments beforehand :-) Roland. -- Roland Mas ...your network won't even know it's talking to a proxy, unless of course, the proxy doesn't work. -- in Linux 2.4 NAT HOWTO