Re: Let non-root users use MTP devices (Attempt #2)

[ludo@gnu.org (Ludovic Courtès)]

Chris Marusich <cmmarusich@gmail.com> skribis:

> Chris Marusich <cmmarusich@gmail.com> writes:
>
>> Here's a second attempt to fix MTP support for GuixSD.  It's simple and
>> requires no special group permissions.
>>
>> It turns out that elogind (like systemd's logind) can be compiled with
>> support for ACLs (provided by libacl), in which case elogind will
>> automatically set an ACL on a device file granting access to a user when
>> that user is logged in using a seat to which the device is attached.  In
>> short, by adding acl as an input to elogind, users will be able to
>> access devices without running programs as root, and without being a
>> member of any special group.
>>
>> That's just one piece of the puzzle, though.  The other piece is the
>> udev rules provided by libmtp.  It's necessary to install those udev
>> rules; if we don't, then the MTP device won't be tagged properly, so
>> elogind will not set any ACLs for it.  I've chosen to install those
>> rules by modifying the base services in desktop.scm so that all desktops
>> will get the rules, not just GNOME; if you know of a better way to
>> install them, please let me know.
>>
>> This patch has a happy side effect.  Namely: because elogind is now
>> setting ACLs, it gives a user access to other devices that are attached
>> to their seat.  For instance, after this change, I can access /dev/kvm
>> and /dev/cdrom (and other devices) without being root, and without being
>> in any special group.  How nice!
>
> After sending this, I've noticed something odd: sometimes, it can take
> quite a while for elogind to set the ACLs.  It's a bit of a mystery to
> me.  I'm not sure how/when elogind decides to update the ACLs; I assumed
> it was continuously checking for changes in the hardware or receiving
> notifications about hardware changes, but it seems like elogind isn't
> noticing when I plug in my phone.  Even though the device file shows up,
> elogind doesn't set the ACLs unless I do something.
>
> By "do something," I mean: Apparently, logging out and logging back in
> seems to trigger elogind to set the ACLs.  Even just switching virtual
> terminals (i.e., Control + F1, followed by Control + F7) seems to
> trigger it, which is weird.  Even when elogind has not yet set the ACLs,
> the "uaccess" tag has in fact been correctly set for the device (as
> reported by e.g. "udevadm info /dev/libmtp-1-1"), which leads me to
> suspect that elogind is either failing to notice or just ignoring the
> hardware change.  I wonder if this might be a bug of some kind.
>
> What do you think we should do?

Good question!  I don’t know.  Does this happen only for MTP devices or
also with other things (KVM?)?

Does “udevadm settle” trigger the ACL change?

Thanks,
Ludo’.