Re: udev permissions for USB

On Mon, Oct 25, 2010 at 5:49 PM, Kay Sievers <kay.sievers@xxxxxxxx> wrote:

>> I wonder if the default udev rule for libusb devices (Mode 0664) follows your
>> reasoning. I do not think a group based rule (Mode 0660 and using the "plugdev"
>> group) is any worse than the default libusb udev rule for remote logged-in
>> users.
>>
>> And there are plenty of group based rules in 50-udev-default.rules,
>> like sound, video and firewire devices.
>>
>> Eg: all the lines above the default libusb rules.
>>
>> # sound
>> SUBSYSTEM=="sound",             GROUP="audio"
>> KERNEL=="mixer0",               SYMLINK+="mixer"
>>
>> # DVB (video)
>> SUBSYSTEM=="dvb", GROUP="video"
>>
>> # libusb device nodes
>> SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", MODE="0664"
>>
>> Am I missing something obvious here?
>
> These are groups for system daemons like video grabbers and such, and
> not groups to ever put individual users in.

Thanks for the explanation, now it is clear to me.

> The commonly used groups are device-class based matches only. The
> udev-managed user ACLs are also class-based only, and not bus based.
> They are not an unpredictable match like 'all pci devices'. For example,
> we must never grant access to a USB device which contains a
> usb-storage blockdevice.
>
> You can just add such a udev rule to systems you administrate, if
> that's the behavior you expect and can be sure it's not a security
> issue. The default udev installation does not
> suggest/recommend/support anything like this.
>

The thread is from the following libusb mailing list thread, including
some OT rant about Linux.
http://libusb.6.n5.nabble.com/LibUSB-Claim-doesnt-work-td3217437.html

>> # libusb device nodes
>> SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", MODE="0664"

Changing the mode to "0666" is a "lazy" solution for a system with only
one user (typical home desktop). But this is not a good solution for
other setups. That is why I think a group based solution is probably better.

Do you see any other possible solutions from udev (other than asking users to
create a new udev rule) so that libusb based applications can be made
to work right out of the box under Linux?

The permission problem seems to be forever present on the libusb mailing list.


-- 
Xiaofan
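
Added example, not part of the original message or of udev: a small Python check that reads udev rules and flags the two patterns discussed above, a world-writable USB node and a group granted access to the whole USB bus rather than to one device. The function name, the sample rules and the vendor/product IDs are constructed; it assumes one rule per line (no backslash continuations).

```python
import re

# One udev token: KEY or KEY{attr}, an operator, and a quoted value.
TOKEN = re.compile(r'([A-Z_]+(?:\{[^}]+\})?)\s*(==|!=|\+=|:=|=)\s*"([^"]*)"')
# Match keys that pin a rule to one device model instead of the whole bus.
DEVICE_KEYS = {"ATTR{idVendor}", "ATTRS{idVendor}",
               "ATTR{idProduct}", "ATTRS{idProduct}"}

# Constructed sample: the default rule quoted in the thread, the "0666"
# variant, a bus-wide plugdev rule, and a per-device rule with made-up IDs.
SAMPLE = """\
# libusb device nodes
SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", MODE="0664"
SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", MODE="0666"
SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", MODE="0660", GROUP="plugdev"
SUBSYSTEM=="usb", ATTR{idVendor}=="1234", ATTR{idProduct}=="abcd", MODE="0660", GROUP="plugdev"
"""

def lint(rules_text):
    """Return (line_no, finding) pairs for USB rules that widen access."""
    findings = []
    for no, line in enumerate(rules_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        matches, assigns = {}, {}
        for key, op, val in TOKEN.findall(line):
            (matches if op in ("==", "!=") else assigns)[key] = (op, val)
        if matches.get("SUBSYSTEM") != ("==", "usb"):
            continue  # class-based rules (sound, dvb, ...) are out of scope
        bus_wide = not (DEVICE_KEYS & matches.keys())
        scope = "every USB device" if bus_wide else "this device"
        mode = assigns.get("MODE")
        if mode and int(mode[1], 8) & 0o002:
            findings.append((no, f"world-writable node for {scope}"))
        if bus_wide and "GROUP" in assigns:
            group = assigns["GROUP"][1]
            findings.append(
                (no, f"group '{group}' gets {scope}, usb-storage included"))
    return findings

if __name__ == "__main__":
    for no, finding in lint(SAMPLE):
        print(f"line {no}: {finding}")
```

The per-device rule on the last sample line passes because it matches on idVendor/idProduct, so the group only reaches that one device model.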