usbfs aka /proc/bus/usb entries rights and ownership
1. What’s the problem with USBfs permissions?
Some USB devices are accessed by applications not via /dev device files, but via /proc/bus/usb (aka the usbfs filesystem) entries.
Usually, the default rights on those /proc access points only allow root to work with that device. Obviously, this is not something you want.
When you use /dev devices you can simply go and chmod and chown the device file. But with usbfs that doesn’t work, because entries appear and dissapear as you connect/disconnect devices or as you power them on or off. Furthermore, the names of the entries that appear under /proc/bus/usb is always different and you cannot predict it.
So, basically, you have these access points whose names cannot be predicted, which need to be assigned certain rights and ownership upon creation.
2. Partial solutions
One idea is to use those devices as root, which is highly not recommended.
One other thing you can do is to have something that will watch /proc/bus/usb all the time and grant those rights when something appears.
Hotplug is a tool which (among other things) does exactly this: watches out for new USB connections and enforces rights and ownership. It’s very flexible, but I for one do not like the idea of having to install yet another dedicated tool for such a seemingly mundane task. Of course, hotplug can do much more, but what if I only need this one thing?
Another makeshift solution can be to write a small shell script which does the same thing as hotplug. While this can be a quicker solution, it’s a hack and I don’t entirely like it.
3. The proper solution
The best, obviously, is to be able to enforce default rights and ownership on usbfs. As with other filesystems, I thought there might be some /etc/fstab options than can help. But common ones like umask or mode did not work.
However, after reading through /usr/src/linux/Documentation, I came across a file which mentioned that certain source files of the Linux kernel hold some “secret” options for usbfs. I checked and I found them. Here they are, with the values I use on my system:
devmode=0660,busmode=0770,listmode=0660: applyrw-rw----on files andrwxrwx---on directories.busuid=0,devuid=0,listuid=0: put root as the user owning the files and dirs.busgid=100,listgid=100,devgid=100: put group with the ID 100 (choose something else for your system) as group owner for the files and dirs.
The above setup allows only root and members of a certain group to use USB devices fully, and nobody else. If you have all the users in a group already (such as “users”, which is a common default on many distributions) you can look in /etc/group and get its numeric ID from there.
If you don’t want to allow all the users access, you can make a group called something else (such as “usbusers”), assign only certain users as members of this new group, and then use its numeric ID instead.
To make this work you’ll need to stick the above options into /etc/fstab, at the usbfs entry. If you don’t know which one it is, have a look here. Replace “defaults” with a comma-separated list of the options above.
In case you care: the dev* options are for usb device directories (ie. /proc/bus/usb/003/), list* options are for the USB main files (ie. /proc/bus/usb/devices), and bus* options are for device files (ie. /proc/bus/usb/003/001).
These options work with 2.4 and 2.6 kernels.
/proc support, which cannot be made into a module, it can only be built-in the kernel. So the moment the support kicks in is only at boot time.