[systemd-devel] [udev] Scanner rule not applied during boot

Marcin Kocur marcin2006 at gmail.com
Tue Oct 20 16:47:01 UTC 2020 

W dniu 20.10.2020 o 13:44, Lennart Poettering pisze:
> On Mo, 19.10.20 21:19, Marcin Kocur (marcin2006 at gmail.com) wrote:
>
>> Hello systemd devs and users,
>>
>> I need an advice regarding USB scanner which rule is not(?) processed at
>> boot time. When I trigger it manually, the scanner device file gets proper
>> permissions.
>>
>> Here's the rule:
>>
>> cat /usr/lib/udev/rules.d/49-sane.rules |grep -A1 '1200 TA'
>> # Mustek BearPaw 1200 CS | Mustek BearPaw 1200 TA
>> ATTRS{idVendor}=="055f", ATTRS{idProduct}=="021e", MODE="0664",
>> GROUP="scanner", ENV{libsane_matched}="yes"
>>
>> Here it is how it looks like directly after the boot:
>>
>> lsusb
>> Bus 001 Device 003: ID 055f:021e Mustek Systems, Inc. BearPaw 1200 TA/CS
>>
>>
>> getfacl /dev/bus/usb/001/003
>> # file: dev/bus/usb/001/007
>> # owner: root
>> # group: scanner
>> user::rw-
>> group::rw-
>> other::r--
>>
>> And this is how it looks after triggering manually:
>> udevadm trigger -c add /dev/bus/usb/001/003:
>>
>> getfacl /dev/bus/usb/001/003
>> # file: dev/bus/usb/001/007
>> # owner: root
>> # group: scanner
>> user::rw-
>> user:mk:rw-   <<<<<<<< NOW MY USER IS HERE
> And?
>
> It's still owned by the "scanner" group like before, which the line
> three up shows you.
>
> The extra ACL entry probably comes from some "uaccess" rule somebody
> sets on the device. But I don#t now what rules you added or what sane
> sets there precisely.
>
> Lennart
>
> --
> Lennart Poettering, Berlin

Hi Lennart, thanks for your answer.

You're probably right, this rule sets different permissions than what is 
set on the device. So it must be some other rule.

I found via

udevadm test /dev/bus/usb/001/003

that there is a file /usr/lib/udev/rules.d/70-uaccess.rules which says:

# SCSI and USB scanners

ENV{libsane_matched}=="yes", TAG+="uaccess"

I don't how how this uaccess tag works, but I can assume that my scanner 
which is libsane_matched (as set by
/usr/lib/udev/rules.d/49-sane.rules) gets ACL permission added somewhere 
later thanks to this uaccess tag.

The question is if it works on manual trigger, why doesn't on boot time?

-- 
Pozdrawiam / Greetings
Marcin Kocur █

More information about the systemd-devel mailing list