Hey folks,

while investigating possible solutions for PR 50340 (can't use uscanner* any more since the last sane-backends update), I thought about options to chown only a subset of usb devices to the current user owning the console. The idea is to pass things like scanners and epass/yubikey over, but not arbitrary devices happening to be connected via usb. Of course this is an admin decision and needs to be locally configurable. Ideally it should be a simple pattern list in /etc, but I did not get quite there.

This all is important if you want to run tools like xsane (that can not run as root in any sane X config, but would need root to access the scanner device nodes). With uscanner* it was simple to chown only the uscanner* device nodes, but if you do not want that for all ugen* devices, it becomes tricky.

The stuff attached depends on a (yet uncommitted) patch by Jared to add a -x option to usbdevs, which acts like this:

    # usbdevs -x ugen0
    ugen0 product=0x0001 vendor=0x055f rev=1.00

With this output it is easy to match the devices we are interested in.

So I created three scripts:

usbdev-chown-console-user
    this one gets the device's description and decides whether to chown to the user or not. Ideally it would read a list file, but this was a good start for testing.

usb-take-console
    this gets the device name passed and would be called either from a devpubd hook handling the attach event, or from /etc/X11/xdm/TakeConsole when the user logs in (and devices are already present)

usb-release-console
    called from /etc/X11/xdm/GiveConsole when the user logs out

Comments or better ideas how to handle this welcome!

Martin
Attachment:
libexec-usb.sh
Description: Bourne shell script
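
A sketch of the "simple pattern list in /etc" idea from the message above, as an added example that is not part of the original post or the attached script: it matches a line in the `usbdevs -x` format shown above against an allowlist and refuses anything it cannot parse. The function name `usb_allowed` and the allowlist format (one `vendor:product` shell pattern per line, `#` comments) are assumptions.

```sh
#!/bin/sh
# Added example (not the attached libexec-usb.sh). Decides whether a USB
# device may be handed to the console user, given a line such as:
#   ugen0 product=0x0001 vendor=0x055f rev=1.00
# Assumed allowlist format: "vendor:product" shell patterns in lowercase
# hex, one per line, '#' starts a comment, e.g.  0x055f:0x0001

# usb_allowed "<usbdevs -x line>" <allowlist file>
# Returns 0 if the device matches an allowlist pattern, 1 otherwise.
usb_allowed() {
    line=$1
    list=$2
    vendor=
    product=
    # Extract the fields with parameter expansion so that nothing in the
    # device line is ever subject to word splitting or globbing.
    case $line in
        *" vendor="*) vendor=${line#* vendor=}; vendor=${vendor%% *} ;;
    esac
    case $line in
        *" product="*) product=${line#* product=}; product=${product%% *} ;;
    esac
    vendor=$(printf '%s' "$vendor" | tr 'A-F' 'a-f')
    product=$(printf '%s' "$product" | tr 'A-F' 'a-f')
    # Fail closed: ids that are missing or not 0xNNNN hex are never allowed.
    for id in "$vendor" "$product"; do
        case $id in
            0x[0-9a-f][0-9a-f][0-9a-f][0-9a-f]) ;;
            *) return 1 ;;
        esac
    done
    # No readable allowlist means no device is handed over.
    [ -r "$list" ] || return 1
    while IFS= read -r pattern || [ -n "$pattern" ]; do
        pattern=${pattern%%#*}                          # drop comments
        pattern=$(printf '%s' "$pattern" | tr -d ' \t') # drop whitespace
        [ -n "$pattern" ] || continue
        case "$vendor:$product" in
            $pattern) return 0 ;;   # unquoted on purpose: glob match
        esac
    done < "$list"
    return 1
}
```

A caller would run the chown only when `usb_allowed` returns 0, so a missing allowlist or an unexpected output format leaves the device nodes owned by root.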