USB problem: /dev/ugen* dynamically auto-reconfigures to
root:operator 644, so non-root user unable to access USB devices
even if wanted
Andreas Klemm
andreas at freebsd.org
Mon Oct 20 04:35:35 PDT 2003
On Mon, Oct 20, 2003 at 12:19:46PM +0200, Poul-Henning Kamp wrote:
> In message <20031020100547.GA1615 at titan.klemm.apsfilter.org>, Andreas Klemm wri
> tes:
> >Hi,
> >
> >have severe problems accessing usb devices as non-root user.
> >In this case a Canon Powershot G5 camera.
> >
> >I want to download pics from my digicam using digikam application
> >as user "andreas".
>
> Use the devfs(8) command to request changes the owner or modes to
> suit your needs. This works a bit like "firewall rules" and when
> the device is created the modes/owner is set.
Good idea. But no success and inexpected results.
Well now I use both /etc/devfs.conf and "devfs rule add" in /etc/rc.local.
It was 1st unclear to me after reading the devfs(8) manpage, that
the
devfs rule add - command
1st needs a command like
devfs ruleset 100
So now I have
1) /etc/devfs.conf with:
perm ugen1 0666
perm ugen1.1 0666
perm ugen1.2 0666
perm ugen1.3 0666
and
2) devfs rule show
100 path ugen mode 666
I halted system, turned camera off and on
Booted FreeBSD.
1. Step, check permissions without having started any camersa application
ls -l /dev/ugen*
crw-r--r-- 1 root operator 114, 0 Oct 20 13:14 /dev/ugen0
crw-r--r-- 1 root operator 114, 2 Oct 20 13:14 /dev/ugen0.2
crw-rw-rw- 1 root operator 114, 16 Oct 20 13:14 /dev/ugen1
crw-rw-rw- 1 root operator 114, 17 Oct 20 13:14 /dev/ugen1.1
crw-rw-rw- 1 root operator 114, 18 Oct 20 13:14 /dev/ugen1.2
crw-rw-rw- 1 root operator 114, 19 Oct 20 13:14 /dev/ugen1.3
You see the camera is on, therefore the ugen1 devices have been
created. Good so far.
A bit strange is, that ugen0 (USB printer) still has mode 644,
this is the printer...
I would expect, that the devfs rule 100 would have been applied by
the system and it should be active for this device as well !
Note: And later we see, that even the permission of the ugen1 interface
change again to 644 after the 1st "access" or whatever !
Well lets repeat, the machine is freshly restarted, camera was
on and ugen1 devices have 0666.
2. step: start digikam as user
root at titan[ttyp2]{5} ~ ls -l /dev/ugen*
crw-r--r-- 1 root operator 114, 0 Oct 20 13:14 /dev/ugen0
crw-r--r-- 1 root operator 114, 2 Oct 20 13:14 /dev/ugen0.2
crw-rw-rw- 1 root operator 114, 16 Oct 20 13:14 /dev/ugen1
crw-rw-rw- 1 root operator 114, 17 Oct 20 13:14 /dev/ugen1.1
crw-rw-rw- 1 root operator 114, 18 Oct 20 13:14 /dev/ugen1.2
crw-rw-rw- 1 root operator 114, 19 Oct 20 13:14 /dev/ugen1.3
The startup itself is "harmless" nothing happens and no access to camera.
The digikam application has a config files and presents the camera
found in the last session (from config file).
3. step, try to access camera
by klick on the Canon PowerShot G5 line in digikam
"failed to initialize the camera"
root at titan[ttyp2]{6} ~ ls -l /dev/ugen*
crw-r--r-- 1 root operator 114, 0 Oct 20 13:14 /dev/ugen0
crw-r--r-- 1 root operator 114, 2 Oct 20 13:14 /dev/ugen0.2
crw-rw-rw- 1 root operator 114, 16 Oct 20 13:14 /dev/ugen1
crw-r--r-- 1 root operator 114, 17 Oct 20 13:14 /dev/ugen1.1
crw-r--r-- 1 root operator 114, 18 Oct 20 13:14 /dev/ugen1.2
crw-r--r-- 1 root operator 114, 19 Oct 20 13:14 /dev/ugen1.3
And voila, ther permission are wrong again.
Note:
I think the lpd daemon accesses the printer on startup.
Therefore the ugen0 device already had the new permission 644
which I observed in the previous step !
Any idea how to resolve this ?
And BTW, shouldn't the devfs(8) manpage have a reference
to devfs.conf ? I understand, that /etc/devfs.conf is only
used by the /etc/rc.d/devfs startup script, to setup permissions
via chmod commands and such .... so no real relationship to the
devfs command.
But I'd find it useful to have a reference to it.
Or ... something like a devfs.conf(5) manpage is missing
and a SEE ALSO devfs.conf(5) in devfs(8) is missing, what
would probably be better ...
Or what do you think ?
--
Andreas Klemm - Powered by FreeBSD 5.1-CURRENT
Need a magic printfilter today ? -> http://www.apsfilter.org/
More information about the freebsd-current
mailing list