USB PERMISSION DAEMON

The usb_perms program is a very simple daemon that allows "known" USB peripherals to have their access permissions set to specific values. While not a perfect solution, it does help.

It requires that the kernel support USB (for 2.2 kernels you need the backport of the 2.3 USB code) and the usbdevfs filesystem; you don't need full devfs support (in fact I think you don't need it if you have devfs but I'm not sure). It also needs the libusb user-space USB library to access the system. Currently it relies on the device & bus format of the CVS version (as that is what is used by gphoto2).

Why did I write it? For the very simple reason that I got fed up with having to do su -c 'chmod a+w /proc/bus/usb/001/002' every time I plugged in my digital camera.


Getting it

Currently it's only available in source form from here.

Building & Installing

At present the building & installation is very simple.

  tar xzvf usb_perms.tar.gz
  cd usb-perms
  make
  su -c 'make install'

This will build it using gcc and install in /usr/local/sbin. If you don't have libusb it won't link. There isn't any nice configure script to check that all your include files etc. are where they are expected to be.

If you want the executable anywhere other than /usr/local/sbin or the init script anywhere other than /sbin/init.d you need to edit the Makefile and change the PREFIX and RCDIR values.

The resource file

The default resource file is /etc/usb_perms. The format of the resource file is very simple.

For example to set a Canon PowerShot S20 digital camera to world write access and leave its GID unchanged you need the line:

  04a9 3043  0666 0

Alternatively, if you wish to restrict access to members of the video group (which on my system is group 33) you could use:

  04a9 3043  0664 33

which will set the group to 33 and give group write access.

Permissions on devices with a vendor ID or product ID of 0 are not accepted; this is so that you can't change the permissions of the controller, which is probably not a good idea.
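
The following C code is an added example, not part of usb_perms or its distribution. It parses resource-file lines and applies the zero-ID rule described above, and additionally counts world-writable entries such as the 0666 example. The field order (vendor ID, product ID, octal mode, GID) is assumed from the example lines on this page; the function names, the 16-bit ID range check and the rejection of mode bits above 0777 are choices made for this example.

```c
#include <stdio.h>
#include <string.h>
/* Field order assumed from the page's examples: vendor ID (hex),
 * product ID (hex), mode (octal), GID (0 = leave unchanged). */
struct usb_rule { unsigned vendor, product, mode, gid; };
enum { RULE_OK = 0, RULE_SYNTAX = -1, RULE_ZERO_ID = -2, RULE_BAD_MODE = -3 };
/* Parse and validate one line (hypothetical helper, not the daemon's parser). */
int parse_rule(const char *line, struct usb_rule *r)
{
    char junk;  /* the trailing %c only matches if a fifth field is present */
    if (sscanf(line, "%x %x %o %u %c", &r->vendor, &r->product, &r->mode,
               &r->gid, &junk) != 4 || r->vendor > 0xffff || r->product > 0xffff)
        return RULE_SYNTAX;      /* wrong field count or ID wider than 16 bits */
    if (r->vendor == 0 || r->product == 0)
        return RULE_ZERO_ID;     /* the page's rule: never match the controller */
    if (r->mode & ~0777u)
        return RULE_BAD_MODE;    /* only rwx bits make sense on a device node */
    return RULE_OK;
}

/* Audit a whole file's text: returns accepted rules, counts the others. */
int audit_config(const char *text, int *rejected, int *world_writable)
{
    int accepted = *rejected = *world_writable = 0;
    while (*text) {
        char line[128];
        struct usb_rule r;
        size_t len = strcspn(text, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, text);
        text += len + (text[len] == '\n');
        if (line[strspn(line, " \t\r")] == '\0') continue;  /* blank line */
        if (len >= sizeof line || parse_rule(line, &r) != RULE_OK) {
            (*rejected)++;                     /* overlong or invalid line */
            continue;
        }
        accepted++;
        *world_writable += (r.mode & 0002) != 0;  /* any local user may write */
    }
    return accepted;
}

int main(void)
{
    /* Constructed sample: the page's two example lines plus two invalid ones. */
    const char *sample = " 04a9 3043  0666 0\n  04a9 3043  0664 33\n"
                         "0000 0000 0666 0\n04a9 3043 4666 0\n";
    int rej, ww, ok = audit_config(sample, &rej, &ww);
    printf("accepted=%d rejected=%d world-writable=%d\n", ok, rej, ww);
    return 0;
}
```

A world-writable count above zero is a prompt to consider the group-restricted form (0664 with a dedicated GID) shown in the second example line.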

The program in the test subdirectory of the libusb distribution will print the Vendor and Product IDs of any connected devices. (In fact the bus scanner in this daemon is a descendant of that program.)

Invocation

To start it you can do one of 2 things:

Direct invocation

As root from the command line enter the command:

  usb_perms

The options are:

  Long       Short  Argument    Default         Description
  --file     -f     filename    /etc/usb_perms  The name of the file from which to read the list of known devices.
  --time     -t     number      3               The number of seconds to wait between polling the /proc/bus/usb system.
  --verbose  -v     0, 1, or 2  0               0: only report failures, 1: (default) report any changes on the bus, 2: keep up a running commentary (specifying -v without an argument is equivalent to -v2).
  --daemon   -d     none                        If this option is set then the program is run as a daemon, otherwise it just runs in the foreground.

Via the init script

A startup script usb_permd is provided which will be installed in /sbin/init.d (where SuSE puts init scripts). It provides procedures to start, stop, restart, reread resources and get the status of the daemon (unless you edit the script, it starts with the options --verbose=1 --daemon).

You can of course make Start and Kill links in suitable run-level directories if you want it to start automatically on system boot.

When in daemon mode, the pid is written to /var/run/usb_perm.pid and any messages from the daemon go to /var/log/usb_perm.log.

WARNING

While I am not aware of any security implications from this program, that doesn't mean there aren't any. If you do find a hole, please (1) discontinue using it (2) let me know about the problem (preferably with a fix) (3) remember that there is NO WARRANTY on this software (see below).

Licence

usb_perms is licenced under the GNU General Public Licence -- see the file COPYING in the distribution for details.


This page last modified Sun Sep 10 18:21:13 2000 by James Tappin.