udev + logind + uaccess can grant users access to /dev devices while they are logged in by adding user ACL to devices when they are logged in.
udev tags devices with
uaccess tag. logind sees uaccess tag and gives logged-in users access to the tagged /dev devices.
This can be convenient and perhaps securer because users don't have to add themselves to supplementary groups.
We could have a uaccessd or pam_uaccess of sorts. It doesn't need to integrate with seatd or session switching as uaccess can't revoke fds anyway - setting acls on login/logout should be sufficient.
What is seatd for anyway? I installed seatd just to get rid of elogind from my system.
seatd provides an implementation of seat management, which is a feature commonly provided by logind. It is not a goal for seatd to implement every odd an unrelated feature present in logind (like laptop backlight control), as this would simply lead to a bad systemd clone.
Instead, when something can be implemented by another daemon or project instead of being part of seatd, it should (maybe by the same authors as seatd, maybe not). That leads to small modular tools that people can be independently chosen, improved or replaced.
uaccess could simply a PAM module - I don't even think it needs a daemon.
I agree with your sentiment. I just wonder what seat management is and whether I could run sway without seat management.
It's brand new and experimental, and does have a few caveats which may require a daemon to solve, but it might be good enough for most cases.