Access Control on a Device File

Offering access control is sometimes vital for the reliability of a device node. Not only should unauthorized users not be permitted to use the device (which is enforced by the filesystem permission bits), but sometimes only one authorized user should be allowed to open the device at a time.

None of the code shown up to now implements any access control in addition to the filesystem permission bits. If the open system call forwards the request to the driver, open will succeed. I’m now going to introduce a few techniques for implementing some additional checks.

The problem is similar to that of using ttys. In that case, the login process changes the ownership of the device node whenever a user logs into the system, in order to prevent intrusion in the tty data flow. However, it’s impractical to use a privileged program to change the ownership of a device every time it is opened, just to grant unique access to it.

Every device shown in this section has the same behavior as the bare scull device (that is, it implements a persistent memory area); it differs from scull only in access control, which is implemented in the open and close operations.

Single-Open Devices

The brute-force way to provide access control is to permit a device to be opened by only one process at a time (single-openness). I personally dislike this technique, because it inhibits user ingenuity. A user might well want to run different processes on the same device, one reading status ...
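
The single-open policy can be sketched as a userspace C model (an added example, not code from the book or from the scull driver). The names `single_dev`, `model_open`, `model_release` and the `racy_*` helpers are hypothetical, and C11 atomics stand in for whatever primitive a real driver's open and close methods would use.

```c
/* Added example: userspace model of single-open logic; all names hypothetical. */
#include <errno.h>
#include <stdatomic.h>
#include <stdio.h>

struct single_dev { atomic_int available; };  /* 1 = free, 0 = held */

void model_init(struct single_dev *d) { atomic_init(&d->available, 1); }

/* open(): claim the device in one atomic step, or refuse with -EBUSY. */
int model_open(struct single_dev *d)
{
    int expected = 1;
    if (!atomic_compare_exchange_strong(&d->available, &expected, 0))
        return -EBUSY;              /* someone else already holds it */
    return 0;
}

/* close(): hand the device back to the next opener. */
void model_release(struct single_dev *d) { atomic_store(&d->available, 1); }

/* Flawed check-then-set variant, split in two so an unlucky
 * interleaving of two openers can be replayed deterministically. */
int racy_check(const int *in_use) { return *in_use == 0; }
void racy_take(int *in_use) { *in_use = 1; }

/* Both openers run the check before either marks the device busy. */
int racy_admitted(void)
{
    int in_use = 0, admitted = 0;
    int a_ok = racy_check(&in_use);
    int b_ok = racy_check(&in_use);
    if (a_ok) { racy_take(&in_use); admitted++; }
    if (b_ok) { racy_take(&in_use); admitted++; }
    return admitted;                /* single-open is violated */
}

int main(void)
{
    struct single_dev d;
    model_init(&d);
    printf("first open:  %d\n", model_open(&d));
    printf("second open: %d (-EBUSY is %d)\n", model_open(&d), -EBUSY);
    model_release(&d);
    printf("after close: %d\n", model_open(&d));
    printf("racy variant admitted %d openers\n", racy_admitted());
    return 0;
}
```

The check and the claim must be a single atomic operation; when they are separate steps, two openers can both pass the check and the one-at-a-time guarantee is lost.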
