Configure a USB device to be used by a non-root user

Q: I have a device file that appears in /dev when a specific board is plugged in. The read and write operations to it work just fine, but in order to open the device file the program needs to be executed with root privileges. Is there any way I can allow a non-root user to open this one specific device file without having to use sudo?

A: Yes, you may write a udev rule.

In /etc/udev/rules.d make a file 30-mydevice.rules (the number has to be from 0 to 99 and decides only the script running order; the name doesn’t really matter, it just has to be descriptive; the .rules extension is required, though).

In this example I’m assuming your device is USB based and you know its vendor and product id (these can be checked using lsusb -v), and that you’re using a mydevice group which your user has to be in to use the device. This should be the file contents in that case:

# Match the USB device by vendor and product id, then set its group and mode
SUBSYSTEM=="usb", ATTR{idVendor}=="0123", ATTR{idProduct}=="4567", ACTION=="add", GROUP="mydevice", MODE="0664"

Note: MODE equal to 0664 allows the device to be written to by its owner (probably root) and the defined group.

One way is to add the user to the corresponding “device-group”. There are a whole range of groups for various sorts of devices (disk, floppy, tty, video, cdrom, …) under Linux, so you can add the user to the corresponding group in /etc/group. (This is what I did to make a webcam accessible to a non-root user.)

Another way is to make a “pseudo-user” (e.g. the games-user). You add this user to the device-groups it should have. Finally you change the owner of certain programs (like a program for scanning images) to this user, and set “chmod u+s”. This will cause the program to be run as the pseudo-user – not the real user, thus having access to the devices. You can use the group of the programs to limit which user may execute the program.

Finally, you can set the group of programs needing a specific device to the device-group and set “chmod g+s”. This will cause the program to run with the rights of the group (in addition to the rights of the normal user running it), thus allowing extended access to the device.
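
A check for rules like the udev rule above, added here as an example and not part of the original answers: it parses each rule line and flags a MODE that is world-writable, a MODE with group bits but no GROUP assignment, and a USB rule that is not pinned to both ids. The function names, the sample rules and the "pinned to both ids" heuristic are assumptions made for this example, and it expects one rule per line.

```python
import re

# KEY or KEY{attr}, an operator, then a double-quoted value.
TOKEN = re.compile(r'([A-Z_]+(?:\{[^}]*\})?)\s*(==|!=|\+=|-=|:=|=)\s*"([^"]*)"')

def audit_rule(line):
    """Return a list of findings for one udev rule line."""
    tokens = TOKEN.findall(line)
    assigned = {k: v for k, op, v in tokens if op in ("=", ":=")}
    matched = {k for k, op, _ in tokens if op == "=="}
    mode = assigned.get("MODE")
    if mode is None:
        return []  # rule does not change permissions
    try:
        bits = int(mode, 8)
    except ValueError:
        return [f"MODE {mode!r} is not octal"]
    findings = []
    if bits & 0o002:
        findings.append("world-writable MODE")
    elif bits & 0o060 and "GROUP" not in assigned:
        findings.append("group bits set but no GROUP assigned")
    # Heuristic (assumption): a USB rule should match on both ids.
    ids = {k[k.index("{") + 1:-1] for k in matched if k.startswith("ATTR")}
    if ("SUBSYSTEM", "==", "usb") in tokens and not {"idVendor", "idProduct"} <= ids:
        findings.append("usb rule not pinned to idVendor and idProduct")
    return findings

def audit_rules(text):
    """Audit every non-comment line; return {line_number: findings}."""
    report = {}
    for number, line in enumerate(text.splitlines(), start=1):
        if line.strip() and not line.lstrip().startswith("#"):
            findings = audit_rule(line)
            if findings:
                report[number] = findings
    return report

# Constructed sample rules, not taken from any real system.
SAMPLE = """\
# sample file
SUBSYSTEM=="usb", ATTR{idVendor}=="0123", ATTR{idProduct}=="4567", ACTION=="add", GROUP="mydevice", MODE="0664"
SUBSYSTEM=="usb", ATTR{idVendor}=="0123", ATTR{idProduct}=="4567", MODE="0666"
SUBSYSTEM=="usb", GROUP="mydevice", MODE="0664"
SUBSYSTEM=="usb", ATTR{idVendor}=="0123", ATTR{idProduct}=="4567", MODE="0660"
"""

if __name__ == "__main__":
    for number, findings in audit_rules(SAMPLE).items():
        print(number, "; ".join(findings))
```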

 

 
