[BLFS Trac] #1976: Udev rule required to support non-root use of lsusb

Archaic archaic at linuxfromscratch.org
Sat May 20 15:00:33 PDT 2006


On Sat, May 20, 2006 at 02:21:51PM -0000, BLFS Trac wrote:
> 
>  I can confirm that non-root users do not see any output when running
>  the lsusb program.

Randy, what is your udev rule for USB? The most recent udev-config
tarballs (20060502 and later) have (on one line):

SUBSYSTEM=="usb_device", PROGRAM="/bin/sh -c 'X=%k X=$${X#usbdev}
B=$${X%%%%.*} D=$${X#*.}; echo bus/usb/$$B/$$D'", NAME="%c"

This will create raw usb devices as root:root mode 660.

Then, BLFS (on the libusb page) adds the usb group to it via:

SUBSYSTEM=="usb_device", GROUP="usb"

*If* it is deemed that it is safe for all users to be able to read from
a raw USB device (which I don't pretend to know) then try either adding
the users to the usb group (assuming you have the above BLFS rule), or
try modifying the BLFS line to:

SUBSYSTEM=="usb_device", GROUP="usb", MODE="664"

The difference between the 2 pieces of software seems to be that lspci
isn't reading from a device node. If that is true, and if libusb does
require reading the device nodes, then giving more access to those nodes
may weaken security. I'm not sure how the 2 programs work, though. The
664 may not be a good thing. Adding someone to the usb group should be
sufficient (if you have the 1st BLFS rule listed above). Then it becomes
a matter of sysadmin choice as to who can see the output.


-- 
Archaic

Want control, education, and security from your operating system?
Hardened Linux From Scratch
http://www.linuxfromscratch.org/hlfs




More information about the blfs-book mailing list