xref: /freebsd/sbin/devfs/devfs.8 (revision e5d09546) 
1.\"
2.\" Copyright (c) 2002 Dima Dorfman.
3.\" All rights reserved.
4.\"
5.\" Redistribution and use in source and binary forms, with or without
6.\" modification, are permitted provided that the following conditions
7.\" are met:
8.\" 1. Redistributions of source code must retain the above copyright
9.\"    notice, this list of conditions and the following disclaimer.
10.\" 2. Redistributions in binary form must reproduce the above copyright
11.\"    notice, this list of conditions and the following disclaimer in the
12.\"    documentation and/or other materials provided with the distribution.
13.\"
14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24.\" SUCH DAMAGE.
25.\"
26.\" $FreeBSD$
27.\"
28.Dt DEVFS 8
29.Dd July 1, 2002
30.Os
31.Sh NAME
32.Nm devfs
33.Nd "DEVFS control"
34.Sh SYNOPSIS
35.Nm
36.Op Fl m Ar mount-point
37.Cm keyword
38.Ar argument ...
39.Sh DESCRIPTION
40The
41.Nm
42utility provides an interface to manipulate properties of
43.Xr devfs 5
44mounts.
45.Pp
46The first keyword after the program name determines the context for
47the rest of the arguments.
48For example,
49most of the commands related to the rule subsystem must be preceded by the
50.Cm rule
51keyword.
52The following flags are common to all keywords:
53.Bl -tag -offset indent
54.It Fl m Ar mount-point
55Operate on
56.Ar mount-point ,
57which is expected to be a
58.Xr devfs 5
59mount.
60If this option is not specified,
61.Nm
62operates on
63.Pa /dev .
64.El
65.Ss Rule Subsystem
66The
67.Xr devfs 5
68rule subsystem provides a way for the administrator of a system to control
69the attributes of DEVFS nodes.
70.\" XXX devfs node?  entry?  what?
71Each DEVFS mount-point has a
72.Dq ruleset ,
73or a list of rules,
74associated with it.
75When a device driver creates a new node,
76all the rules in the ruleset associated with each mount-point are applied
77(see below) before the node becomes visible to the userland.
78This permits the administrator to change the properties,
79including the visibility,
80of certain nodes.
81For example, one might want to hide all disk nodes in a
82.Xr jail 2 Ns 's
83.Pa /dev .
84.Ss Rule Manipulation
85Rule manipulation commands follow the
86.Cm rule
87keyword.
88The following flags are common to all of the rule manipulation commands:
89.Bl -tag -offset indent
90.It Fl s Ar ruleset
91Operate on the ruleset with the number
92.Ar ruleset .
93If this is not specified,
94the commands operate on the ruleset currently associated with the
95specified mount-point.
96.El
97.Pp
98The following commands are recognized:
99.Bl -tag -offset indent
100.It Cm rule add Oo Ar rulenum Oc Ar rulespec
101Add the rule described by
102.Ar rulespec
103(defined below)
104to the ruleset.
105The rule has the number
106.Ar rulenum
107if it is explicitly specified;
108otherwise, the rule number is automatically determined by the kernel.
109.It Cm rule apply Ar rulenum | Ar rulespec
110Apply rule number
111.Ar rulenum
112or the rule described by
113.Ar rulespec
114to the mount-point.
115Rules that are "applied" have their conditions checked against all nodes
116in the mount-point, and the actions taken if they match.
117.It Cm rule applyset
118Apply all the rules in the ruleset to the mount-point
119(see above for the definition of "apply").
120.It Cm rule del Ar rulenum
121Delete rule number
122.Ar rulenum
123from the ruleset.
124.It Cm rule delset
125Delete all rules from the ruleset.
126.It Cm rule show Op Ar rulenum
127Display the rule number
128.Ar rulenum ,
129or all the rules in the ruleset.
130The output lines (one line per rule) are expected to be valid
131.Ar rulespec Ns s .
132.It Cm rule showsets
133Report the numbers of existing rulesets.
134.It Cm ruleset Ar ruleset
135Set ruleset number
136.Ar ruleset
137as the current ruleset for the mount-point.
138.El
139.Ss Rule Specification
140Rules have two parts: the conditions and the actions.
141The conditions determine which DEVFS nodes the rule matches,
142and the actions determine what should be done when a rule matches a node.
143For example, a rule can be written that sets the GID to
144.Li games
145for all devices with major number 53.
146If the first token of a rule specification is a single dash
147.Pq Dq - ,
148rules are read from the standard input and the rest of the specification
149is ignored.
150.Pp
151The following conditions are recognized.
152Conditions are ANDed together when matching a device;
153if OR is desired, multiple rules can be written.
154.Bl -tag -offset indent
155.It Cm major Ar majdev
156Matches any node with a major number equal to
157.Ar majdev .
158.It Cm path Ar pattern
159Matches any node with a path that matches
160.Ar pattern .
161The latter is interpreted as a
162.Xr glob 3 Ns -style
163pattern.
164.It Cm type Ar devtype
165Matches any node that is of type
166.Ar devtype .
167Valid types are
168.Li disk , mem , tape
169and
170.Li tty .
171.El
172.Pp
173The following actions are recognized.
174Although there is no explicit delimiter between conditions and actions,
175they may not be intermixed.
176.Bl -tag -offset indent
177.It Cm group Ar gid
178Set the GID of the node to
179.Ar gid ,
180which may be a group name
181(looked up in
182.Pa /etc/group )
183or number.
184.It Cm hide
185Hide the node.
186Nodes may later be revived manually with
187.Xr mknod 8 ,
188or with the
189.Cm unhide
190action.
191.It Cm include Ar ruleset
192Apply all the rules in ruleset number
193.Ar ruleset
194to the node.
195This does not necessarily result in any changes to the node
196(e.g., if none of the rules in the included ruleset match).
197.It Cm mode Ar filemode
198Set the file mode to
199.Ar filemode ,
200which is interpreted in octal.
201.It Cm user Ar uid
202Set the UID to
203.Ar uid ,
204which may be a user name
205(looked up in
206.Pa /etc/passwd )
207or number.
208.It Cm unhide
209Unhide the node.
210.El
211.Sh IMPLEMENTATION NOTES
212Rulesets are created by the kernel at the first reference,
213and destroyed when the last reference disappears.
214E.g., a ruleset is created when a rule is added to it or when it is set
215as the current ruleset for a mount-point;
216a ruleset is destroyed when the last rule in it is deleted,
217and no other references to it exist
218(i.e., it is not included by any rules, and it is not the current ruleset
219for any mount-point).
220.Pp
221Ruleset number 0 is the default ruleset for all new mount-points.
222It is always empty, cannot be modified or deleted, and does not show up
223in the output of
224.Cm showsets .
225.Pp
226Rules and rulesets are unique to the entire system,
227not a particular mount-point.
228I.e., a
229.Cm showsets
230will return the same information regardless of the mount-point specified with
231.Fl m .
232The mount-point is only relevant when changing what its current ruleset is,
233or when using one of the apply commands.
234.Sh EXAMPLES
235When the system boots,
236the only ruleset that exists is ruleset number 0;
237since the latter may not be modified, we have to create another ruleset
238before adding rules.
239Note that since most of the following examples don't specify
240.Fl m ,
241the operations are performed on
242.Pa /dev
243(this only matters for things that might change the properties of nodes).
244.Pp
245.Dl devfs ruleset 10
246.Pp
247Specify that ruleset 10 should be the current ruleset for
248.Pa /dev
249(if it does not already exist, it is created).
250.Pp
251.Dl devfs rule add path speaker mode 666
252.Pp
253Add a rule that causes all nodes that have a path that matches
254"speaker"
255(this is only
256.Pa /dev/speaker )
257to have the file mode 666 (read and write for all).
258Note that if any such nodes already exist, their mode will not be changed
259unless this rule (or ruleset) is explicitly applied (see below).
260The mode
261.Em will
262be changed if the node is created
263.Em after
264the rule is added
265(e.g., the
266.Pa atspeaker
267module is loaded after the above rule is added).
268.Pp
269.Dl devfs rule applyset
270.Pp
271Apply all the rules in the current ruleset to all the existing nodes.
272E.g., if the above rule was added after
273.Pa /dev/speaker
274was created,
275this command will cause its file mode to be changed to 666,
276as rule rule prescribes.
277.Pp
278.Dl devfs rule add path "snp*" mode 660 group snoopers
279.Pp
280(Quoting the argument to
281.Cm path
282is often necessary to disable the shell's globbing features.)
283For all devices with a path that matches "snp*",
284set the file more to 660, and the GID to
285.Li snoopers .
286This permits users in the
287.Li snoopers
288group to use the
289.Xr snp 4
290devices.
291.Pp
292.Dl devfs rule -s 20 add major 53 group games
293.Pp
294Add a rule to ruleset number 20.
295Since this ruleset is not the current ruleset for any mount-points,
296this rule is never applied automatically (unless ruleset 20 becomes
297a current ruleset for some mount-point at a later time).
298However, it can be applied explicitly, as such:
299.Pp
300.Dl devfs -m /my/jail/dev rule -s 20 applyset
301.Pp
302This will apply all rules in ruleset number 20 to the DEVFS mount on
303.Pa /my/jail/dev .
304It doesn't matter that ruleset 20 is not the current ruleset for that
305mount-point; the rules are applied regardless.
306.Pp
307.Dl devfs rule apply hide
308.Pp
309Since this rule has no conditions, the action
310.Pq Cm hide
311will be applied to all nodes.
312Since hiding all nodes isn't very useful, we can undo like so:
313.Pp
314.Dl devfs rule apply unhide
315.Pp
316which applies
317.Cm unhide
318to all the nodes,
319causing them to reappear.
320.Pp
321.Dl cat my_rules | devfs rule -s 10 add -
322.Pp
323Add all the rules from the file
324.Pa my_rules
325to ruleset 10.
326.Pp
327.Dl devfs rule -s 20 show | devfs rule -s 10 add -
328.Pp
329Since
330.Cm show
331outputs valid rules,
332this feature can be used to copy rulesets.
333The above copies all the rules from ruleset 20 into ruleset 10.
334The rule numbers are preserved,
335but ruleset 10 may already have rules with non-conflicting numbers
336(these will be preserved).
337.Sh SEE ALSO
338.Xr jail 2 ,
339.Xr glob 3 ,
340.Xr devfs 5 ,
341.Xr chmod 8 ,
342.Xr chown 8 ,
343.Xr jail 8 ,
344.Xr mknod 8
345.Sh AUTHORS
346.An Dima Dorfman
347