Better way to manage /proc/bus/usb/* ownership?
Kay Sievers
kay.sievers at vrfy.org
Sun Jul 8 16:04:46 PDT 2007
On 7/9/07, Jason Grant <expires07 at logular.com> wrote:
> On Sun, 2007-07-08 at 20:18 +0200, Kay Sievers wrote:
> > On 7/8/07, Fryderyk Dziarmagowski <freetz at gmx.net> wrote:
> > > --- Jason Grant <expires07 at logular.com> wrote:
> > >
> > > > On a fresh install of fedora7, gthumb reports an error "cannot claim USB
> > > > device" when my camera is inserted. This is because the files
> > > > under /proc/bus/usb have only root privileges.
> > >
> > > isn't /dev/bus/usb/* accessing a prefered way? I don't even have usbfs
> > > mounted and I can access my camera over libusb without smallest
> > > problems (same for scanner).
> >
> > Right, recent distros use /dev/bus/usb/ nodes managed by udev.
> > HAL/PolicyKit/ConsoleKit will grant/revoke access to usb devices by
> > adding/removing ACL's to nodes in /dev/bus/usb. The usbfs in /proc can
> > not be used, because it can't handle access control lists.
> >
> > Any work in that area should improve HAL/PolicyKit/ConsoleKit
> > integration. Upstream HAL can not support hacks that change the
> > primary owner/group setting of device nodes. Fast-user-switching, or
> > sane handling of multiple user sessions is not possible that way.
> >
> > Thanks,
> > Kay
> >
>
> Thanks for the responses.
>
> I'm an end-user that is new to HAL, and trying to understand where the
> gap is in Fedora, how best to introduce a temporary fix on my PC, and
> whether to report a fedora bug.
>
> >From what I can gather here, it sounds like changing ownership of /proc
> files is frought, and I should instead make sure the permissions
> under /dev/bus/usb should be managed properly. I'm still unclear -
> should I be introducing a udev rule for this, or is there an ACL
> mechanism in HAL that I should be using?
Fedora's pam_console should already do this for you today. If not,
then there its a bug in pam_console, or a device match to trigger
pam_console is missing.
The whole pam_console stuff will be replaced by HAL ACL handling some day.
Kay
More information about the hal
mailing list