I recently got USB working on my box, and found that permissions on USB keychain devices are still a mess, especially on multi-user machines. (Mine isn't, but...) Most devices are handled by /etc/console.perms, which basically just grants "console" devices to the user at the console, but (at the time of writing) it didn't handle keychain devices. console.perms also didn't seem to handle hotplugging, so I've put together these system patches to rectify these problems.

Obviously, you'll have to run this all as root. The code's simple enough that you can probably verify its safety yourself. If you have any problems with it (or notice any possible ones), please tell me. Without further ado...

HOWTO handle permissions on keychain disks
------------------------------------------

First create the flash permission tool and its helper files...

# The heredoc delimiter is quoted so that $1 and the command substitution
# are written into the script literally instead of being expanded now.
cat << 'EOF' > /usr/local/bin/flash-perms
#!/bin/sh
# Skip directories, and do nothing if the tag file is missing.
[ -d "$1" ] && exit
[ ! -e /root/flashtag ] && exit
# Give the device to whoever currently owns the tag file.
chown "$(stat -c%U /root/flashtag)" "$1"
EOF
# The script has to be executable for devfsd to run it.
chmod 755 /usr/local/bin/flash-perms
touch /root/flashtag

Then add the device to /etc/security/console.perms:

cat << EOF >> /etc/security/console.perms
<flashdisk>=/dev/sd* /root/flashtag
<console> 0600 <flashdisk> 0600 root
EOF

And to devfsd:

# Quoted delimiter again: $devpath must reach the file literally,
# since devfsd expands it when the rule fires.
cat << 'EOF' >> /etc/devfs.d/flash-support
REGISTER ^sd* EXECUTE /usr/local/bin/flash-perms $devpath
EOF

NOTE that you'll have to change this last script if you have any other SCSI disks: exclude them from the regexp or create special cases in flash-perms.

Finally, let's add some fstab entries. Again, remove any that don't apply to your system. If you expect more than four flash disks, create more entries in the same pattern as these.

cat << EOF >> /etc/fstab
/dev/sda   /mnt/flash-a   vfat  noauto,owner  0 0
/dev/sda1  /mnt/flash-a1  vfat  noauto,owner  0 0
/dev/sda2  /mnt/flash-a2  vfat  noauto,owner  0 0
/dev/sda3  /mnt/flash-a3  vfat  noauto,owner  0 0
/dev/sda4  /mnt/flash-a4  vfat  noauto,owner  0 0
/dev/sdb   /mnt/flash-b   vfat  noauto,owner  0 0
/dev/sdb1  /mnt/flash-b1  vfat  noauto,owner  0 0
/dev/sdb2  /mnt/flash-b2  vfat  noauto,owner  0 0
/dev/sdb3  /mnt/flash-b3  vfat  noauto,owner  0 0
/dev/sdb4  /mnt/flash-b4  vfat  noauto,owner  0 0
/dev/sdc   /mnt/flash-c   vfat  noauto,owner  0 0
/dev/sdc1  /mnt/flash-c1  vfat  noauto,owner  0 0
/dev/sdc2  /mnt/flash-c2  vfat  noauto,owner  0 0
/dev/sdc3  /mnt/flash-c3  vfat  noauto,owner  0 0
/dev/sdc4  /mnt/flash-c4  vfat  noauto,owner  0 0
/dev/sdd   /mnt/flash-d   vfat  noauto,owner  0 0
/dev/sdd1  /mnt/flash-d1  vfat  noauto,owner  0 0
/dev/sdd2  /mnt/flash-d2  vfat  noauto,owner  0 0
/dev/sdd3  /mnt/flash-d3  vfat  noauto,owner  0 0
/dev/sdd4  /mnt/flash-d4  vfat  noauto,owner  0 0
EOF

# Create the mount points under /mnt, matching the fstab entries above.
pushd /mnt
mkdir flash-a flash-a1 flash-a2 flash-a3 flash-a4
mkdir flash-b flash-b1 flash-b2 flash-b3 flash-b4
mkdir flash-c flash-c1 flash-c2 flash-c3 flash-c4
mkdir flash-d flash-d1 flash-d2 flash-d3 flash-d4
popd

And there you have it. Flash disks will be given to the console user on login or insertion, and revert to being owned by root at logout. You can also mount flash disks (as vfat - feel free to add to or modify the list of filesystems) without being root - ideal for a multiuser system.

These instructions were written with Gentoo Linux in mind, though they would probably work just as well on any other system that uses devfs(d) and PAM.

-- 
Andrew Farmer
[EMAIL PROTECTED]
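
The NOTE above says to special-case other SCSI disks in flash-perms. One way to do that, as an added example that is not part of the original post: a variant that refuses to hand over any device under a listed path prefix. PROTECTED_PREFIXES, the FLASHTAG override and flash_owner_for are names assumed for illustration.

```sh
#!/bin/sh
# Added example: flash-perms with an exclusion list for fixed SCSI disks.
# Not the original tool. PROTECTED_PREFIXES and its default value are
# assumptions; list the device paths of your own non-removable disks.
FLASHTAG=${FLASHTAG:-/root/flashtag}
PROTECTED_PREFIXES=${PROTECTED_PREFIXES:-"/dev/sda"}

# Print the user who should own device $1 and return 0.
# Return 1 (printing nothing) if the device must stay with root.
flash_owner_for() {
    dev=$1
    [ -n "$dev" ] || return 1          # no argument: nothing to do
    [ -d "$dev" ] && return 1          # never chown directories
    [ -e "$FLASHTAG" ] || return 1     # tag file missing: do nothing
    # A prefix match protects the whole disk and every partition on it,
    # e.g. "/dev/sda" covers /dev/sda, /dev/sda1, /dev/sda2, ...
    for prefix in $PROTECTED_PREFIXES; do
        case $dev in
            "$prefix"*) return 1 ;;
        esac
    done
    stat -c%U "$FLASHTAG"              # current owner of the tag file
}

# When called with a device path (as devfsd would call it), apply the
# decision. With no argument the file only defines the function.
if [ $# -gt 0 ]; then
    owner=$(flash_owner_for "$1") && chown "$owner" "$1"
fi
```

With this in place, the fstab entries for the protected disks should be dropped as well, so the "owner" mount option never applies to them.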