I recently got USB working on my box, and found that permissions on USB
keychain devices are still a mess, especially on multi-user machines. (Mine
isn't, but...) Most devices are handled by /etc/console.perms, which
basically just grants "console" devices to the user at the console, but (at
the time of writing) it didn't handle keychain devices. console.perms also
didn't seem to handle hotplugging, so I've put together these system
patches to rectify these problems.

Obviously, you'll have to run this all as root. The code's simple enough
that you can probably verify its safety yourself. If you have any problems
with it (or notice any possible ones), please tell me.

Without further ado...


HOWTO handle permissions on keychain disks
------------------------------------------

First create the flash permission tool and its helper files. Note the quoted
'EOF': with a bare EOF the shell would expand $1 and run the stat command
while writing the file, leaving a script that chowns nothing. The script also
has to be executable, or devfsd's EXECUTE will fail silently.

        cat << 'EOF' > /usr/local/bin/flash-perms
        #!/bin/sh
        # called by devfsd with the registered devpath; skip directories
        [ -d "$1" ] && exit
        # /root/flashtag is chowned to the console user by pam_console
        [ ! -e /root/flashtag ] && exit
        chown "`stat -c%U /root/flashtag`" "$1"
        EOF
        chmod 755 /usr/local/bin/flash-perms
        touch /root/flashtag

Then add the device to /etc/security/console.perms:

        cat << EOF >> /etc/security/console.perms
        <flashdisk>=/dev/sd* /root/flashtag
        <console>  0600 <flashdisk>  0600 root
        EOF

And to devfsd. The pattern is a regexp, so it is anchored to names beginning
with "sd"; the tempting ^sd* means "s followed by any number of d" and would
also fire for scsi/... and sound/... entries. Again the heredoc delimiter is
quoted, otherwise $devpath is expanded (to nothing) when the rule is written:

        cat << 'EOF' >> /etc/devfs.d/flash-support
        REGISTER ^sd            EXECUTE /usr/local/bin/flash-perms $devpath
        EOF

NOTE that you'll have to change this last rule if you have any other SCSI
disks: exclude them from the regexp or add special cases in flash-perms.

Finally, let's add some fstab entries. Again, remove any that don't apply to
your system. If you expect more than four flash disks, create more entries in
the same pattern as these.

        cat << EOF >> /etc/fstab
        /dev/sda                /mnt/flash-a    vfat            noauto,owner    0 0
        /dev/sda1               /mnt/flash-a1   vfat            noauto,owner    0 0
        /dev/sda2               /mnt/flash-a2   vfat            noauto,owner    0 0
        /dev/sda3               /mnt/flash-a3   vfat            noauto,owner    0 0
        /dev/sda4               /mnt/flash-a4   vfat            noauto,owner    0 0
        /dev/sdb                /mnt/flash-b    vfat            noauto,owner    0 0
        /dev/sdb1               /mnt/flash-b1   vfat            noauto,owner    0 0
        /dev/sdb2               /mnt/flash-b2   vfat            noauto,owner    0 0
        /dev/sdb3               /mnt/flash-b3   vfat            noauto,owner    0 0
        /dev/sdb4               /mnt/flash-b4   vfat            noauto,owner    0 0
        /dev/sdc                /mnt/flash-c    vfat            noauto,owner    0 0
        /dev/sdc1               /mnt/flash-c1   vfat            noauto,owner    0 0
        /dev/sdc2               /mnt/flash-c2   vfat            noauto,owner    0 0
        /dev/sdc3               /mnt/flash-c3   vfat            noauto,owner    0 0
        /dev/sdc4               /mnt/flash-c4   vfat            noauto,owner    0 0
        /dev/sdd                /mnt/flash-d    vfat            noauto,owner    0 0
        /dev/sdd1               /mnt/flash-d1   vfat            noauto,owner    0 0
        /dev/sdd2               /mnt/flash-d2   vfat            noauto,owner    0 0
        /dev/sdd3               /mnt/flash-d3   vfat            noauto,owner    0 0
        /dev/sdd4               /mnt/flash-d4   vfat            noauto,owner    0 0
        EOF
        pushd /mnt
        mkdir flash-a flash-a1 flash-a2 flash-a3 flash-a4
        mkdir flash-b flash-b1 flash-b2 flash-b3 flash-b4
        mkdir flash-c flash-c1 flash-c2 flash-c3 flash-c4
        mkdir flash-d flash-d1 flash-d2 flash-d3 flash-d4
        popd
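As a worked example of the whole procedure, here is a hardened flash-perms
with the checks a devfsd helper that runs as root should make before it chowns
anything. It is added here and is not the script from the original post. It
assumes (as the post implies but does not state) that devfsd passes $devpath
relative to /dev, so a keychain shows up as something like sd/c0b0t0u0 with
partitions named sd/c0b0t0u0p1; the DEV_ROOT and TAG_FILE variables and the
flash_target function are additions so the decision logic can be exercised
against a scratch directory without root or devfs.

```shell
#!/bin/sh
# Hardened flash-perms: an added example, not the script from the original
# post. Assumptions (not stated in the post): devfsd passes $devpath relative
# to /dev, e.g. "sd/c0b0t0u0" or "sd/c0b0t0u0p1"; DEV_ROOT and TAG_FILE may be
# overridden so the decision logic can be tested without root or devfs.
DEV_ROOT="${DEV_ROOT:-/dev}"
TAG_FILE="${TAG_FILE:-/root/flashtag}"

# Accept only plain devfs names under sd/ (or old-style sd[a-z]...). This
# replaces the post's "^sd*", which as a regexp also matches "scsi/..." and
# "sound/...". The character whitelist refuses "..", spaces and glob
# characters before the name is ever joined to a path.
flash_path_ok() {
    case "$1" in
        *[!A-Za-z0-9/]*) return 1 ;;
        sd/*|sd[a-z]*)   return 0 ;;
        *)               return 1 ;;
    esac
}

# Owner that pam_console put on the tag file at login. If nobody is at the
# console the tag is root's and the chown below just keeps the devfs default.
# Fails when the tag is missing, exactly as the original script does.
tag_owner() {
    [ -f "$TAG_FILE" ] || return 1
    stat -c %U "$TAG_FILE"
}

# Print "<owner> <device>" if the registered entry should be handed over,
# nothing (status 1) otherwise. Directories (the sd/ container itself) and
# names that do not exist under DEV_ROOT are skipped.
flash_target() {
    devpath="$1"
    flash_path_ok "$devpath" || return 1
    dev="$DEV_ROOT/$devpath"
    [ -e "$dev" ] && [ ! -d "$dev" ] || return 1
    owner=$(tag_owner) || return 1
    printf '%s %s\n' "$owner" "$dev"
}

# devfsd entry point, driven by the rule
#   REGISTER ^sd  EXECUTE /usr/local/bin/flash-perms $devpath
# chown without -h follows a compat symlink to the real node (if the kernel
# created one); 0600 mirrors the mode in the console.perms rule.
flash_perms() {
    target=$(flash_target "$1") || return 0
    owner=${target%% *}
    dev=${target#* }
    chown -- "$owner" "$dev" && chmod 0600 "$dev"
}

# Act as the devfsd helper only when given an argument; sourcing the file
# for tests leaves the functions defined without touching /dev.
if [ $# -gt 0 ]; then
    flash_perms "$1"
fi
```

Install it in place of the simpler script and point the devfsd rule at it as
before. The behavioural differences are that names outside the sd tree, names
containing anything but letters, digits and slashes, and the sd/ directory
itself are refused, and that the node is also set to 0600 so a second
console user cannot read a disk the first one plugged in.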

And there you have it. Flash disks will be given to the console user on login
or insertion, and revert to being owned by root at logout. You can also mount
flash disks (as vfat - feel free to add to or modify the list of filesystems)
without being root - ideal for a multiuser system.

These instructions were written with Gentoo Linux in mind, though they would
probably work just as well on any other system that uses devfs(d) and PAM.


-- 
Andrew Farmer