2009/12/26 Graeme Gill <graeme@xxxxxxxxxxxxx>: > Richard Hughes wrote: > >> Graeme, you probably want to update to this version in upstream >> argyll. If nothing else, the ACL_MANAGE attributes ensures we only >> limit device access to local users, not just all users, which may or >> may not be a security concern. > > Unfortunately your 55-Argyll.rules doesn't seem to pass regression. > It doesn't work for instance on OpenSuSE 10.3, and probably lots > of others. I'm guessing that something would need to be done > to actually make "ACL_MANAGE" do something on these sorts of systems. ACL_MANAGE will only work on "recent" udev releases (probably udev > 137), which will set ACL on the needed devices, for users with console privileges (see below). To know if those rules will work, check if /lib/udev/udev-acl executable exists : it is does, it will take care of settting ACL. > (Besides which, I was led to believe that udev rules were going away > as a means of managing such things, and that PolicyKit is taking its > place ? If this is not true, then what *is* going on, because I sure > as heck can't keep track of it!) It was HAL + PolicyKit + ConsoleKit which was taking care of setting ACL (which is why both a .fdi and .policy files were needed). This stuff is being deprecated (in recent distributions), in favor of udev rules only. I would probably recommend not setting ACL_MANAGE directly in argyllcms rules (this is also what is recommended by udev upstream developpers), but instead, using the "COLOR_MEASUREMENT_DEVICE" variable to set ACL_MANAGE in upstream udev ACL rules, just like it is already done upstrezam for scanner and various other devices. In /lib/udev/rules.d/70-acl.rules, adding a line like : # color calibration device ENV{COLOR_MEASUREMENT_DEVICE}=="1", ENV{ACL_MANAGE}="1" -- Frederic Crozat