Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
permissions on /dev/nvidia*
761 views
Skip to first unread message
Giorgio Ruffa
Oct 5, 2011, 7:10:01 AM10/5/11
to
Hi all and thanks for reading,
I have a messy problem of permissions of /dev/nvidiactl and /dev/nvidia0.
As usual on debian distributions the video devices are owned by the video group.
ls -l /dev/nvidia*
crw-rw---- 1 root video 195, 0 Sep 27 17:56 /dev/nvidia0
crw-rw---- 1 root video 195, 255 Sep 27 17:56 /dev/nvidiactl
The problem is that I have a cluster with 1600 users and we use an ldap server for autentication where groups are not implemented (unfortunately i have no access to the LDAP server);
so all the users belong to the group users and I can't add all of them to the video group so users cannot open the nvidia* devices.
to solve the problem i tried to edit the init.d/nvidia-kernel script and replaced the line
mknod -m 0660 dev/nvidiactl c 195 255
with
mknod -m 0666 dev/nvidiactl c 195 256
and editing /etc/modprobe.d/nvidia-kernel-nkc.conf as suggested here: http://forums.nvidia.com/index.php?showtopic=82687
After the system boot permissions ore ok, but they are changed to default values after starting X or every application which tries to access these devices ;
I've also edited /etc/udev/rules.d/061_nvidia.rules (wich is a symlink to /etc/udev/nvidia.rules) adding the line
SUBSYSTEM=="nvidia*", GROUP="users" , MODE="0666"
and even
KERNEL=="nvidia*", NAME="%k" , GROUP="users" , MODE="0666"
but this doesn't solve the problem.
I've found nothing about video devices looking into consolekit or policykit conf files.
Do you know which program is responsible for the automatic changes of devices permissions?
Best regards
--
Giorgio Ruffa
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/2011100510...@nanos8.pcteor1.mi.infn.it
I have a messy problem of permissions of /dev/nvidiactl and /dev/nvidia0.
As usual on debian distributions the video devices are owned by the video group.
ls -l /dev/nvidia*
crw-rw---- 1 root video 195, 0 Sep 27 17:56 /dev/nvidia0
crw-rw---- 1 root video 195, 255 Sep 27 17:56 /dev/nvidiactl
The problem is that I have a cluster with 1600 users and we use an ldap server for autentication where groups are not implemented (unfortunately i have no access to the LDAP server);
so all the users belong to the group users and I can't add all of them to the video group so users cannot open the nvidia* devices.
to solve the problem i tried to edit the init.d/nvidia-kernel script and replaced the line
mknod -m 0660 dev/nvidiactl c 195 255
with
mknod -m 0666 dev/nvidiactl c 195 256
and editing /etc/modprobe.d/nvidia-kernel-nkc.conf as suggested here: http://forums.nvidia.com/index.php?showtopic=82687
After the system boot permissions ore ok, but they are changed to default values after starting X or every application which tries to access these devices ;
I've also edited /etc/udev/rules.d/061_nvidia.rules (wich is a symlink to /etc/udev/nvidia.rules) adding the line
SUBSYSTEM=="nvidia*", GROUP="users" , MODE="0666"
and even
KERNEL=="nvidia*", NAME="%k" , GROUP="users" , MODE="0666"
but this doesn't solve the problem.
I've found nothing about video devices looking into consolekit or policykit conf files.
Do you know which program is responsible for the automatic changes of devices permissions?
Best regards
--
Giorgio Ruffa
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/2011100510...@nanos8.pcteor1.mi.infn.it
Christian Jaeger
Oct 7, 2011, 10:40:02 AM10/7/11
to
(Your mail was in my gmail spam folder -- which is why I noticed it :)
> to solve the problem i tried to edit the init.d/nvidia-kernel script and replaced the line
> mknod -m 0660 dev/nvidiactl c 195 255
> with
> mknod -m 0666 dev/nvidiactl c 195 256
Wondering why you changed the minor number (255 to 256), if all you
wanted to do is changing the permission.
Also, maybe for a little more security instead of changing to world
accessible you want to change the group instead (video -> users) (or
maybe even better you find a way to change the owner to the user that
is owning the X session; I don't know exactly what's possible to
access through these devices, but I guess it might really be more than
you would like).
I don't know why the device was changing back; maybe run strace
(perhaps with a filter for mknod, chmod, fchmod, fchmodat) on all
relevant processes like X, login manager..
Also, I've never used LDAP but perhaps it would be possible to give
users authenticating through LDAP to get the video group automatically
(statically configured)?
Ch.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/CAEjYwfVi1ykYtCvKiBJw7ow-...@mail.gmail.com
> to solve the problem i tried to edit the init.d/nvidia-kernel script and replaced the line
> mknod -m 0660 dev/nvidiactl c 195 255
> with
> mknod -m 0666 dev/nvidiactl c 195 256
wanted to do is changing the permission.
Also, maybe for a little more security instead of changing to world
accessible you want to change the group instead (video -> users) (or
maybe even better you find a way to change the owner to the user that
is owning the X session; I don't know exactly what's possible to
access through these devices, but I guess it might really be more than
you would like).
I don't know why the device was changing back; maybe run strace
(perhaps with a filter for mknod, chmod, fchmod, fchmodat) on all
relevant processes like X, login manager..
Also, I've never used LDAP but perhaps it would be possible to give
users authenticating through LDAP to get the video group automatically
(statically configured)?
Ch.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Giorgio Ruffa
Oct 12, 2011, 1:50:02 PM10/12/11
to
>
hi and thank you for the answer.
I've solved it using ACL and giving r/w permission to the group "users".
This is not really a solution but it works fine and don't give world r/w permission on the device.
--
Giorgio Ruffa
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Uli Wannek
Jan 15, 2014, 7:40:02 AM1/15/14
to
It is a very old thread, sorry, but i stumbled upon and meanwhile found
a solution:
nvidia supplies
/etc/modprobe.d/nvidia-kernel-common.conf
originally containing:
alias char-major-195* nvidia
options nvidia NVreg_DeviceFileUID=0 NVreg_DeviceFileGID=44 \
NVreg_DeviceFileMode=0660
# To enable FastWrites and Sidebus addressing, uncomment these lines
# options nvidia NVreg_EnableAGPSBA=1
# options nvidia NVreg_EnableAGPFW=1
# see #580894
blacklist nouveau
which i changed to (my "users" GID is 1000):
options nvidia NVreg_DeviceFileUID=0 NVreg_DeviceFileGID=1000 \
NVreg_DeviceFileMode=0660
After
rmmod nvidia
modprobe nvidia
rights for all nvidia devices fit.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/52D67B6E...@gmx.de
a solution:
nvidia supplies
/etc/modprobe.d/nvidia-kernel-common.conf
originally containing:
alias char-major-195* nvidia
options nvidia NVreg_DeviceFileUID=0 NVreg_DeviceFileGID=44 \
NVreg_DeviceFileMode=0660
# To enable FastWrites and Sidebus addressing, uncomment these lines
# options nvidia NVreg_EnableAGPSBA=1
# options nvidia NVreg_EnableAGPFW=1
# see #580894
blacklist nouveau
which i changed to (my "users" GID is 1000):
options nvidia NVreg_DeviceFileUID=0 NVreg_DeviceFileGID=1000 \
NVreg_DeviceFileMode=0660
After
rmmod nvidia
modprobe nvidia
rights for all nvidia devices fit.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Andrei POPESCU
Jan 16, 2014, 3:10:01 AM1/16/14
to
On Mi, 15 ian 14, 13:13:34, Uli Wannek wrote:
> It is a very old thread, sorry, but i stumbled upon and meanwhile found
> a solution:
>
> nvidia supplies
> /etc/modprobe.d/nvidia-kernel-common.conf
> originally containing:
> alias char-major-195* nvidia
> options nvidia NVreg_DeviceFileUID=0 NVreg_DeviceFileGID=44 \
> NVreg_DeviceFileMode=0660
> # To enable FastWrites and Sidebus addressing, uncomment these lines
> # options nvidia NVreg_EnableAGPSBA=1
> # options nvidia NVreg_EnableAGPFW=1
> # see #580894
> blacklist nouveau
>
> which i changed to (my "users" GID is 1000):
> options nvidia NVreg_DeviceFileUID=0 NVreg_DeviceFileGID=1000 \
> NVreg_DeviceFileMode=0660
> After
> rmmod nvidia
> modprobe nvidia
> rights for all nvidia devices fit.
I'm guessing you could have solved you problem by adding your user to
> It is a very old thread, sorry, but i stumbled upon and meanwhile found
> a solution:
>
> nvidia supplies
> /etc/modprobe.d/nvidia-kernel-common.conf
> originally containing:
> alias char-major-195* nvidia
> options nvidia NVreg_DeviceFileUID=0 NVreg_DeviceFileGID=44 \
> NVreg_DeviceFileMode=0660
> # To enable FastWrites and Sidebus addressing, uncomment these lines
> # options nvidia NVreg_EnableAGPSBA=1
> # options nvidia NVreg_EnableAGPFW=1
> # see #580894
> blacklist nouveau
>
> which i changed to (my "users" GID is 1000):
> options nvidia NVreg_DeviceFileUID=0 NVreg_DeviceFileGID=1000 \
> NVreg_DeviceFileMode=0660
> After
> rmmod nvidia
> modprobe nvidia
> rights for all nvidia devices fit.
group 'video' (44).
Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
http://nuvreauspam.ro/gpg-transition.txt
0 new messages