LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Hardware
User Name
Password
Linux - Hardware This forum is for Hardware issues.
Having trouble installing a piece of hardware? Want to know if that peripheral is compatible with Linux?

Notices


Reply
  Search this Thread
Old 09-15-2003, 09:07 PM   #1
ratbert90
Member
 
Registered: Jan 2003
Posts: 67

Rep: Reputation: 16
How do you let users use usb devices?


Hi, Im using slackware 9.0 and I have a digital camera.
The kodak cx4300 to be exsact.
I installed gphoto and libghoto.
then I typed gphoto2 --auto-detect and the camera was detected

I then installed digikam and I cant connect to the camera!
I can connect to it as root, but not as a user.

How can I give normal users permission to use and to connect to this usb device?

any help would be greatly apreciated!
 
Old 09-15-2003, 11:00 PM   #2
ratbert90
Member
 
Registered: Jan 2003
Posts: 67

Original Poster
Rep: Reputation: 16
also, how do you let users mount cdroms?
that is another big thing, as I dont want to su into root every time I want to view a cdrom =]
 
Old 09-16-2003, 03:27 AM   #3
yapp
Member
 
Registered: Apr 2003
Location: Netherlands
Distribution: SuSE (before: Gentoo, Slackware)
Posts: 613

Rep: Reputation: 30
Quote:
Originally posted by ratbert90
also, how do you let users mount cdroms?
that is another big thing, as I dont want to su into root every time I want to view a cdrom =]
change /etc/fstab, and add the keyword "user" to the options field
 
Old 09-16-2003, 03:34 AM   #4
yapp
Member
 
Registered: Apr 2003
Location: Netherlands
Distribution: SuSE (before: Gentoo, Slackware)
Posts: 613

Rep: Reputation: 30
Re: How do you let users use usb devices?

Quote:
Originally posted by ratbert90
I can connect to it as root, but not as a user.

How can I give normal users permission to use and to connect to this usb device?
well, you're definitely looking in the right direction.
  • You at least, should give users access to the raw device file (in the /dev/ folder). I would recommend creating a specific group for that.

    At my slackware system, I have use 'sysops' group that has additional rights, such as accessing my webcam. Off course, I don't want virtually everyone to access my webcam (that's why I'd never recommend things like chmod 777)

    (chmod, groupadd and chown / chgroup be usefull here )
  • Find a way to execute the program as root: (only if you really have to)

    You could create enable the suid-root bit, and again, only allow the root+sysops to execute that program. (ie: it becomes rwx--x--- ) However, many security tutorials advise to limit the usage of suid-root programs.

    Uou can also try to use 'sudo'. The configuration file can be edited by 'visudo'. After changing the configuration, run the program with "sudo <programname>"


hope this helps

Last edited by yapp; 09-16-2003 at 03:39 AM.
 
Old 09-16-2003, 10:15 AM   #5
ratbert90
Member
 
Registered: Jan 2003
Posts: 67

Original Poster
Rep: Reputation: 16
Well, I wouldnt have a problem accessing it as root, but this is my dads pc, and I dont want him as root, because he doesnt know quite what hes doing :P
So a quick and easy guide as to how I can give him access to his usb camera would be a nice thing

so could I just do a chmod 666 /dev/* ?
 
Old 09-16-2003, 11:01 AM   #6
abarclay
LQ Newbie
 
Registered: Aug 2003
Posts: 26

Rep: Reputation: 6
Actually, the best way to do what you want is by editing
/etc/security/console.perms

For example, I want anyone who is logged in on the console
to be able to use all the local USB devices.

I added the following lines:
-----
<usb>=/proc/bus/usb/*/*
<console> 0600 <usb> 0600 root.wheel
-----

This means that when user "fred" logs into the console,
all the usb devices are changed to be 600 perms and
owned by fred. When fred logs out, the settings get put
back to 600 owned by root, and in group wheel.

By the way, some software may access the usb devices through
/dev files rather than /proc/bus/usb/, so you may have to do
things like this:
<scanner>=/dev/scanner /dev/usb/scanner*
 
Old 09-16-2003, 04:40 PM   #7
yapp
Member
 
Registered: Apr 2003
Location: Netherlands
Distribution: SuSE (before: Gentoo, Slackware)
Posts: 613

Rep: Reputation: 30
Quote:
Originally posted by ratbert90
Well, I wouldn't have a problem accessing it as root, but this is my dads pc, and I dont want him as root, because he doesn't know quite what hes doing :P
So a quick and easy guide as to how I can give him access to his usb camera would be a nice thing

so could I just do a chmod 666 /dev/* ?
allow everyone to read read+write, is a big security thread. In fact, it allows your dad to:
- wipe out the HD /dev/hd* with one single command. (cp /dev/zero /dev/hda1) ..or by accident, save a file as /dev/..., thereby overwriting it
- everyone to read/write raw sectors from your hd, bypassing every security check
- everyone direct to access any device, to for instance, your web-cam remotely.
- even allow everyone to flash your bios or cpu microcode....
etc..

definitely not something I would recommend



here is the trick. (i'll give you the shell commands, but you could also try any other user-interface off course, following my description)
  • Create a new group. For example "sysops"
    groupadd sysops
  • Add more users to these groups.
    Either use usermod, or edit the specific line in /etc/group. I'd stick with the second option.
  • In /etc/group, add yourself, and your dad. You need to login again before this change had effect.
  • Check if you're a member of the new group:
    id <username>
  • list the information of the device files you want to change
    ls -lh /dev/usb/*
    (for example, because I don't know what device-node you're about to change) based on that information, you might want to change some other steps below (ie. the chgrp and chmod parameters)

    Each file's access permissions consists of the following things:
    * Special rights for the owner of the file (typically root). Usually, he may read (r), write (w), and execute (x)
    * Special rights for the assigned group. (the second pair of rwx) often, group members may not change the file.
    * The last pair of 'rwx' flags is reserved for "anyone else", this includes users of your website, ftp, etc... Usually, they should not be given access to device nodes, or "suid-root" programs. (so it's --- in that case) for normal files, they should only be able to 'read' the file (r--)
  • Change the group-setting the device-node file:
    chgrp sysops <file name>
  • Allow members the previously defined group to read the file.
    chmod g+r <file name>
  • If you really have to give them write-access too, use
    chmod g+w <file name>
    or at once:
    chmod g+rw <file name>
    As you might have guessed, g+w, stands for group+write. It's a bit easier to understand this, then the decimal notation (well.. r=4, w=2, x=1; all you have to do is add them up, so rwxrw-r-- equals 764)
  • verify your changes with the ls command again.
  • see if it works

hope this helps

Quote:
Originally posted by ratbert90
...and I don't want him as root, because he doesn't know quite what hes doing :P
I hope I don't insult you by saying "anyone being root don't know what they're doing".

It is indeed, easier, because you don't need to worry about file access, but there are far more complicated things you should be worried about.

Being root offers viruses, or bad applications (such as an applet on a website) or command-typoo's a license to destroy your entire system, even destroy the hardware. When running as an unprivileged user, you still have enough freedom, all applications still work, and with the tips above, you can give yourself a little more permissions. (and 'su', or the kde-su are very helpful if you really have to be root)

Any background program (daemon) should preferrably not run as root either. If it's being hacked, you again, give the program a license to kill.

Unlike Microsoft Windows (xp), you don't have to be administrator all the time to be able to "do something useful". Installing a program under one kind of user, doesn't exclude other users from begin able to run the program too.

Last edited by yapp; 09-16-2003 at 04:43 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Permitting users to mount devices phonecian Linux - Security 3 11-06-2005 10:09 AM
Sharing USB devices between users sleepkreep Linux - Software 1 07-01-2005 09:26 PM
MDK 10.2: No USB at all (/proc/bus/usb/devices missing) shrodi Mandriva 5 07-01-2005 11:28 AM
How to allow all users Acess to usb devices not in /dev pHaT tAcO Debian 3 05-04-2004 06:34 PM
Widows partition and usb devices not usable by users! Menokh Linux - General 2 03-11-2004 07:16 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Hardware

All times are GMT -5. The time now is 03:53 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration