How Debian controls hardware access

Posted by Steve on Mon 14 Mar 2005 at 11:00

Like a lot of other Linux distributions Debian handles hardware access via the groups upon the system. This is the single most common reason why access to sound, CD-ROMs, and other devices fail.

A common symptom of insufficient permissions will be that the superuser, root, will be able to perform an action, such as listening to music, whilst an ordinary user will not be able to.

On Debian systems there are a number of different groups, each specified in the /etc/group file, for controlling access to particular devices.

• audio
  • Members of the audio group can access the sound device /dev/dsp. This is required for listening to music, or making audio recordings.
• dialout
  • The dialout group is used to control access to dialout scripts which connect to ISPs, etc. If you're using ppp, dip or similar services you'll need to be a member of the dialout group. (Or root!)
• cdrom
  • All members of the cdrom group have read + write access to the CD-ROM devices upon a system, if any.
• floppy
  • The floppy group has the ability to read and write to any floppy disk which is in the drive, if any.
• video
  • The video group gains the ability to write to video memory. This is required if you wish to use the nvidia driver, for example.
• fax
  • The fax group is similar to the dialout group and allows you to interface with any fax device.
• sudo
  • Members of the sudo group need not type their passwords when running sudo, although it's more obvious to specify this by using the NOPASSWD option inside the configuration file.
• tape
  • Being a member of the tape device allows you to work with any attached tape device.

Other groups exist as a simple convention, so far example members of the staff group can write to /usr/local by default - so they can add local software. Similarly the members of the group src can directly write to the /usr/src directory.

To add a user to a particular group you would run the following command as root:

adduser username groupname

Eg:

root@mystery:~# adduser skx audio
Adding user `skx' to group `audio'...
Done.

Once this has been done the user must logout and login again for the changes to take effect.

To see which groups you are a member of you can run the "id" command:

skx@mystery:~$ id
uid=1000(skx) gid=1000(skx) groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),1000(skx)

This article can be found online at the Debian Administration website at the following bookmarkable URL:

• http://www.debian-administration.org/articles/109

This article is copyright 2005 Steve - please ask for permission to republish or translate.