Better way to manage /proc/bus/usb/* ownership?

Kay Sievers kay.sievers at vrfy.org
Sun Jul 8 16:17:16 PDT 2007


On 7/9/07, Kay Sievers <kay.sievers at vrfy.org> wrote:
> On 7/9/07, Jason Grant <expires07 at logular.com> wrote:
> > On Sun, 2007-07-08 at 20:18 +0200, Kay Sievers wrote:
> > > On 7/8/07, Fryderyk Dziarmagowski <freetz at gmx.net> wrote:
> > > > --- Jason Grant <expires07 at logular.com> wrote:
> > > >
> > > > > On a fresh install of fedora7, gthumb reports an error "cannot claim USB
> > > > > device" when my camera is inserted. This is because the files
> > > > > under /proc/bus/usb have only root privileges.
> > > >
> > > > isn't /dev/bus/usb/* accessing a prefered way? I don't even have usbfs
> > > > mounted and I can access my camera over libusb without smallest
> > > > problems (same for scanner).
> > >
> > > Right, recent distros use /dev/bus/usb/ nodes managed by udev.
> > > HAL/PolicyKit/ConsoleKit will grant/revoke access to usb devices by
> > > adding/removing ACL's to nodes in /dev/bus/usb. The usbfs in /proc can
> > > not be used, because it can't handle access control lists.
> > >
> > > Any work in that area should improve HAL/PolicyKit/ConsoleKit
> > > integration. Upstream HAL can not support hacks that change the
> > > primary owner/group setting of device nodes. Fast-user-switching, or
> > > sane handling of multiple user sessions is not possible that way.
> > >
> > > Thanks,
> > > Kay
> > >
> >
> > Thanks for the responses.
> >
> > I'm an end-user that is new to HAL, and trying to understand where the
> > gap is in Fedora, how best to introduce a temporary fix on my PC, and
> > whether to report a fedora bug.
> >
> > >From what I can gather here, it sounds like changing ownership of /proc
> > files is frought, and I should instead make sure the permissions
> > under /dev/bus/usb should be managed properly.  I'm still unclear -
> > should I be introducing a udev rule for this, or is there an ACL
> > mechanism in HAL that I should be using?
>
> Fedora's pam_console should already do this for you today. If not,
> then there its a bug in pam_console, or a device match to trigger
> pam_console is missing.

Oops, sorry, that was the scanner stuff with the weird pam_console
matches in udev. Gphoto supported cameras should already be handled by
setting ACL's by HAL:
  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229230

Kay


More information about the hal mailing list