# HOW-TO control /proc permissions to USB devices

## Headrush

With the new libusb packages, many USB devices are accessed through it and not through a device node in /dev.

Udev can not be used to set permissions for these devices since a /dev node doesn't exist.

This small HOW-TO will help to explain how to allow non-root access to these devices using the events generated by hotplug.

Requirements: I don't know the exact requirements, but hotplug is needed and probably libusb.

All these steps are run as root. 

 Make sure usbfs is mounted.

```
mount
```

Should list a line like this:

```
usbfs on /proc/bus/usb type usbfs (rw)
```

If it's not listed, you have a problem that needs to be fixed first.

Make sure you have script /etc/init.d/localmount running on boot. To check use

```
rc-update -s
```

If it isn't, add it like this:

```
rc-update add localmount boot
```

and start it now.

```
/etc/init.d/localmount start
```

emerge usbutils

Plug the usb device in you want to setup permissions for.

Run lsusb and note the vender id and product id for your device.

Here is a sample output of my device in this example

```
Bus 001 Device 002: ID 045a:500d SONICblue, Inc.
```

The first value after ID is the Vendor ID, and the second value after ID is the Product ID.

Change to /etc/hotplug/usb/

```
cd /etc/hotplug/usb/
```

 We are going to make a usermap file for your device. You can choose any name for the file as long as it ends in .usermap. For my example, I am setting up my Rio USB player. It's vender ID is 0x045a and it's product ID is 0x500d. So I created the file rio.usermap with the following contents:

```
rio 0x0003 0x045a 0x500d 0x0000 0x0000 0x00 0x00 0x00 0x00 0x00 0x00 0x00
```

The first word, (rio is my case),  is a program that we make that is called when the device is attached. You can chose any name but I like to keep the same name as the beginning as usermap file.

Leave the second value, (0x0003), but replace the second and third values with your vender ID and product ID.

 Now we are going to create the program that correctly fixes the permissions. Remember to create the file with the name you used as the first word in your .usermap file. (In my case rio)

Past the following into the file you just created.

```
#!/bin/sh

# This file is part of sane-backends.

#

# This script changes the permissions and ownership of a USB device under

# /proc/bus/usb to grant access to this device to users in the scanner group.

#

# Ownership is set to root:scanner, permissions are set to 0660.

#

# Arguments :

# -----------

# ACTION=[add|remove]

# DEVICE=/proc/bus/usb/BBB/DDD

# TYPE=usb

if [ -z "${DEVICE}" ] ; then

        IF=$(echo ${DEVPATH} | sed 's:\(bus/usb/devices/\)\(.*\)-\(.*\):\2:')

        if [ -r /sys/${DEVPATH}/devnum ]; then

             DEV=$(cat /sys/${DEVPATH}/devnum)

        else

             DEV=1 # you'll have to adjust this manually for kernel < 2.6.6

        fi

        DEVICE=$(printf '/proc/bus/usb/%.03d/%.03d' ${IF} ${DEV})

fi

if [ "$ACTION" = "add" -a "$TYPE" = "usb" ]; then

  chown root:rio "$DEVICE"

  chmod 0660 "$DEVICE"

fi
```

This code is orginally from the sane-backends package.

 These lines

```
chown root:rio "$DEVICE"              # set owner=root and group=rio

chmod 0660 "$DEVICE"                  # root access=rw, group access=rw
```

set the owner, group and permissions. Change these as required for your needs.

(For those noobies, 660 is common and allows read and write access to root and members of the group)

In my case root is owner and the group is rio. Both owner and group members have read-write access.

 Make sure this file is executable. In my case

```
chmod a+x rio
```

 Create the new group which you will allow access to this device. (Matches the group you set in file above) In my case, rio.

```
groupadd rio
```

 Now use the gpasswd command to add users to the group you created in /etc/group.

In my example, I am going to add user fred to group rio.

```
gpasswd -a fred rio
```

 Logout of account. Login again. (Forces changes to group membership to be recognized. There is another method to source some files, but I can't remember which.

 If you check /proc/bus/usb/... you device should have the owner, group, and permissions you set. If you properly included yourself in the group and gave write access, you should be able to access the device as the user.

This should work with all devices that use libusb and don't use device nodes.Last edited by Headrush on Mon Jul 18, 2005 5:21 pm; edited 3 times in total

----------

## Caustiq

Hey, thank you! My Nomad Zen Xtra MP3 player couldn't be read by gnomad2 after I updated libusb. Your HOW-TO helped me fix the problem, and taught me a few new things.

----------

## Isaiah

This worked for me too  :Very Happy:  One thing I noticed that may help someone - in /proc/bus/usb/ the device number changes incremently (3,4,5...) everytime I turn my camera off and on or reboot the computer (must remove and redetect camera for digikam to work in either case).

Thanks  :Exclamation: 

P.S. Digikam's auto-detect was the culprit - manually adding the camera just points to the usb port.

port with auto-detect - usb:001,003 (the last number is the one that changes)

port when adding manually - usb: (all that is required - works here everytime)

----------

## inha

I tried this approach to my usb issues (https://forums.gentoo.org/viewtopic-t-361665.html) but couldn't get it to work. 

mount output gives me: usbfs on /proc/bus/usb type usbfs (rw,devmode=0664,devgid=85), do the permissions look right?

----------

## Headrush

 *inha wrote:*   

> I tried this approach to my usb issues (https://forums.gentoo.org/viewtopic-t-361665.html) but couldn't get it to work. 

 

Did you follow this guide?

 *inha wrote:*   

> mount output gives me: usbfs on /proc/bus/usb type usbfs (rw,devmode=0664,devgid=85), do the permissions look right?

 

Yes

----------

## inha

Yes I followed it. 

I plug the player in and lsusb gives me: Bus 001 Device 003: ID 041e:411e Creative Technology, Ltd

In /etc/hotplug/usb I created a file nomad.usermap

```

nomad 0x0003 0x041e 0x411e 0x0000 0x0000 0x00 0x00 0x00 0x00 0x00 0x00 0x00

```

and a file nomad

```

#!/bin/sh

# This file is part of sane-backends.

#

# This script changes the permissions and ownership of a USB device under

# /proc/bus/usb to grant access to this device to users in the scanner group.

#

# Ownership is set to root:scanner, permissions are set to 0660.

#

# Arguments :

# -----------

# ACTION=[add|remove]

# DEVICE=/proc/bus/usb/BBB/DDD

# TYPE=usb

if [ -z "${DEVICE}" ] ; then

        IF=$(echo ${DEVPATH} | sed 's:\(bus/usb/devices/\)\(.*\)-\(.*\):\2:')

        if [ -r /sys/${DEVPATH}/devnum ]; then

             DEV=$(cat /sys/${DEVPATH}/devnum)

        else

             DEV=1 # you'll have to adjust this manually for kernel < 2.6.6

        fi

        DEVICE=$(printf '/proc/bus/usb/%.03d/%.03d' ${IF} ${DEV})

fi

if [ "$ACTION" = "add" -a "$TYPE" = "usb" ]; then

  chown root:nomad "$DEVICE"

  chmod 0660 "$DEVICE"

fi

```

nomads permissions: rwxr-xr-x

Then I created the group and added the user to it. After logging out and back in gnomad2 gives me this:

(gnomad2:7581): GnomeUI-WARNING **: While connecting to session manager:

Authentication Rejected, reason : None of the authentication protocols specified are supported and host-based authentication failed.

----------

## Headrush

 *inha wrote:*   

> nomads permissions: rwxr-xr-x
> 
> Then I created the group and added the user to it. After logging out and back in gnomad2 gives me this:
> 
> (gnomad2:7581): GnomeUI-WARNING **: While connecting to session manager:
> ...

 

That is a program error, I can't tell you anything about that.

Can you post the ls -l from the appropriate section in /proc for this device?

Make sure that it is setting owner, group, and permissions before worrying about the program.

If they aren't set right, it could be PAM causes problems. I have trmoved PAM from my system, so I can't give you much help with that.

----------

## inha

from /proc/bus/usb/001 

-rw-rw-r--  1 root usb

-rw-rw----  1 root nomad

----------

## Headrush

 *inha wrote:*   

> from /proc/bus/usb/001 
> 
> -rw-rw-r--  1 root usb
> 
> -rw-rw----  1 root nomad

 

Are you 100% sure your username is in nomad?

Otherwise, the permissions are setup fine and seem to be working. The error is related to gnome or the program.

I can't help much as I am a purely KDE guy.  :Very Happy: 

Since this isn't related to /proc, please continue your questions in the other thread you started for this problem. 

Sorry, wish I could help more.

----------

## inha

100% sure. Thanks anyways.

----------

## M104

Nice guide, though I got to step 6 and decided to take a detour.  Instead of making a rule and new script just for the particular camera you have, why not modify what's already there and just simplify it for your needs?  This is what I did:

same as above...

same as above...

Rewrite the "usbcam" script:

```
# cd /etc/hotplug/usb

# cat > usbcam
```

Then copy and paste this:

```
#!/bin/bash

if [ "${ACTION}" = "add" ] && [ -f "${DEVICE}" ]

then

    chmod 0000 "${DEVICE}"

    chown root:usb "${DEVICE}"

    chmod 0660 "${DEVICE}"

fi
```

Then finish off the paste with a CTRL+D.

Add yourself to the "usb" group.  If you're already in "usb", skip this step.

```
# gpasswd -a <username> usb
```

Then log your user out and back in again to update your user.

Remove your USB camera and plug it back in.

Test away!

The nice thing here is that all cameras listed in /etc/hotplug/usb/usbcam-gphoto2.usermap are now going to be given the 660 root:usb permissions since the "usbcam" script is set to execute for each of them.

Edit: If I'd looked longer, I would have seen this topic which recommends basically the same thing.

----------

## Headrush

You could do that. 

This was just a general guide for any device. More and more scripts and usermaps are being added automatically also.

Plus, if you don't use ghoto2 like me, you won't have a usbcam script.

----------

## M104

 *Headrush wrote:*   

> Plus, if you don't use ghoto2 like me, you won't have a usbcam script.

 

Good point.  Too bad you have to modify anything at all, though, since this all used to work "out of the box" so to speak.   :Sad: 

----------

## Headrush

 *M104 wrote:*   

> Good point.  Too bad you have to modify anything at all, though, since this all used to work "out of the box" so to speak.  

 

You would think there would be some usermap lists maintained for different devices; cameras, scanners, for Linux.

(scanner.usermap, camera.usermap, etc)

Sort of like how the pciids list is maintained to supply info to lspci.

As new devices come out the list could be updated.

The device would point to a generic script to start and you could customize it if your wanted.

----------

## kly84g

I have gone through all the threads I can find on this subject, and I still have the same problem that many others seem to have had, but none of the suggested solutions work.

The Problem

I have a Canon Powershot A630 camera.  When I first tried it in October, it worked with gphoto2 as a generic PTP camera, without any special settings or tweaks.

But after several system upgrades in the last month, I can no longer access it except as root, unless I manually change permissions and/or group and/or owner of /proc/bus/xxx/yyy.  It works perfectly when I run gphoto2 or gtkam as root.

The versions of relevant packages are:

```
libgphoto2 2.1.6-r1

hotplug 20040923-r2

udev 103

libusb 0.1.11

usbd 0.1

gentoo-sources 2.6.11-r11

```

Any suggestions?

----------

## Headrush

So what have you done? Did you follow this howto?

Unless something has recently changed in hotplugging I'm not away of, this should work.

----------

## kly84g

 *Headrush wrote:*   

> So what have you done? Did you follow this howto?
> 
> Unless something has recently changed in hotplugging I'm not away of, this should work.

 

Here is my output from lsusb:

```
Bus 002 Device 063: ID 04a9:313a Canon, Inc.
```

Here is the line from usbcam.usermap:

```
usbcam               0x0003      0x04a9   0x313a    0x0000       0x0000      0x00         0x00            0x00         0x00            0x00               0x00               0x00000000
```

Here is my most recent usbcam (I've played around with this quite a bit; this is back to your code):

```
#!/bin/sh

# This file is part of sane-backends.

#

# This script changes the permissions and ownership of a USB device under

# /proc/bus/usb to grant access to this device to users in the scanner group.

#

# Ownership is set to root:scanner, permissions are set to 0660.

#

# Arguments :

# -----------

# ACTION=[add|remove]

# DEVICE=/proc/bus/usb/BBB/DDD

# TYPE=usb

if [ -z "${DEVICE}" ] ; then

        IF=$(echo ${DEVPATH} | sed 's:\(bus/usb/devices/\)\(.*\)-\(.*\):\2:')

        if [ -r /sys/${DEVPATH}/devnum ]; then

             DEV=$(cat /sys/${DEVPATH}/devnum)

        else

             DEV=1 # you'll have to adjust this manually for kernel < 2.6.6

        fi

        DEVICE=$(printf '/proc/bus/usb/%.03d/%.03d' ${IF} ${DEV})

fi

if [ "$ACTION" = "add" -a "$TYPE" = "usb" ]; then

  chown root:camera "$DEVICE"

  chmod 0660 "$DEVICE"

fi

```

Here is the resulting /proc listing (the last item):

```
ls -l /proc/bus/usb/002

total 0

-rw-r--r-- 1 root root  43 Dec 18 21:41 001

-rw-r--r-- 1 root root  43 Dec 18 21:41 002

-rw-r--r-- 1 root usb  147 Dec 18 21:41 003

-rw-r--r-- 1 root root  57 Dec 21 18:55 063

```

Like you, I think this should work.  I'm trying a newer kernel, just in case there is a bug in this particular one.  I'll also try rebooting with my old kernel.

----------

## kly84g

The answer is:

```
export USB_DEVFS_PATH=/proc/bus/usb
```

See https://forums.gentoo.org/viewtopic-t-525320.html

----------

