Re: Providing access to USB devices
On Sep 20, 10:49am, Martin Husemann wrote: } On Thu, Sep 20, 2018 at 10:41:01AM +0200, Pierre Pronchery wrote: } > Would it make sense to create a _usb group, and setting the permissions } > of /dev/ugen* and maybe also /dev/usb* to mode 0660 root:_usb? } > } > With this we should also be able to run services like pcscd (from } > pkgsrc) without requiring root. } } We had some discussion about this some time ago in the context of usb } scanners. Alternatives propsoed where the GiveConsole/TakeConsole } scripts used by X login managers and a script that matches certain } devices. } } An alterntive Jared suggested was to add console users temporarily to a } dynamic group. I like this idea. } } And I bet Jason would now chime in and talk about a aproper devfs ;-) I don't know to which Jason you are referring, but I will chime in support of this idea. I've often thought about going back and pulling the archives of the discussion around mjf-devfs and seeing if there is any useful code. Pointers to the early days of devfs in FreeBSD would also be welcome. What I don't want is the Solaris idea of "devfs" which was nothing but a symlink farm and caused massive headaches. }-- End of excerpt from Martin Husemann
Re: Providing access to USB devices
khor...@defora.org (Pierre Pronchery) writes: >> And I bet Jason would now chime in and talk about a aproper devfs ;-) >That would be my favourite option actually :) devfs wouldn't solve the issue. You still need a way to authenticate and grant privileges. -- -- Michael van Elst Internet: mlel...@serpens.de "A potential Snark may lurk in every tree."
Re: Providing access to USB devices
Hi Martin, tech-userlevel@, On 20/09/2018 10:49, Martin Husemann wrote: > On Thu, Sep 20, 2018 at 10:41:01AM +0200, Pierre Pronchery wrote: >> Would it make sense to create a _usb group, and setting the permissions >> of /dev/ugen* and maybe also /dev/usb* to mode 0660 root:_usb? >> >> With this we should also be able to run services like pcscd (from >> pkgsrc) without requiring root. > > We had some discussion about this some time ago in the context of usb > scanners. Alternatives propsoed where the GiveConsole/TakeConsole > scripts used by X login managers and a script that matches certain > devices. Well, I believe even this approach would benefit from an additional _usb group. GiveConsole/TakeConsole would simply grant membership; this can only be better than changing ownership to nodes in /dev. > An alterntive Jared suggested was to add console users temporarily to a > dynamic group. I like this idea. I like it too, however on UNIX it is trivial to make such temporary ownership become permanent (just create a setgid binary). In practice however, shouldn't it be granting membership to multiple groups instead of just one? Access to hardware components should be more granular than just one "_hardware" group. Some system services may also provide functionality without the final user requiring access to the hardware (like pcscd). > And I bet Jason would now chime in and talk about a aproper devfs ;-) That would be my favourite option actually :) Cheers, -- khorben
Re: Providing access to USB devices
On Thu, Sep 20, 2018 at 10:41:01AM +0200, Pierre Pronchery wrote: > Would it make sense to create a _usb group, and setting the permissions > of /dev/ugen* and maybe also /dev/usb* to mode 0660 root:_usb? > > With this we should also be able to run services like pcscd (from > pkgsrc) without requiring root. We had some discussion about this some time ago in the context of usb scanners. Alternatives propsoed where the GiveConsole/TakeConsole scripts used by X login managers and a script that matches certain devices. An alterntive Jared suggested was to add console users temporarily to a dynamic group. I like this idea. And I bet Jason would now chime in and talk about a aproper devfs ;-) Martin
Providing access to USB devices
Hi tech-userlevel@, I just realized that on my regular system, I modified the permissions for the ugen(4) device nodes to allow my regular user to access them: # ls -l /dev/ugen0.00 crw-rw 1 root wheel 64, 0 Dec 22 2014 /dev/ugen0.00 With this, I am generally able to use USB devices attaching as ugen(4) without being root. By default the MAKEDEV script makes these nodes 0600, root:wheel. I also see that in the case of GPIO, we have a _gpio group, and that the corresponding device nodes have permissions set to 0664. Would it make sense to create a _usb group, and setting the permissions of /dev/ugen* and maybe also /dev/usb* to mode 0660 root:_usb? With this we should also be able to run services like pcscd (from pkgsrc) without requiring root. Cheers, -- khorben