# usbfs permission problems [SOLVED]

## Sadako

I've only recently noticed that I can no longer access devices through usbfs (digital camera, mp3 player) as user, only as root.

I can't say when the problem arose, but everything was fine before updating to the latest stable baselayout and udev packages.

Everything works fine as root, and the other users are members of the usb group.

I'm sure it's something extremely simple, but I don't know where to look (and yes, I've search the forums, and nothing).

Looking through /etc/udev/permissions.d/50-udev.permissions, I noticed the following;

```
# camera devices

camera*:root:root:0600

usb/dc2xx*:root:root:0600

usb/mdc800*:root:root:0600
```

That should be 0660, right? Can I just edit this file directly?

----------

## /dev/random

Not only should it be 0660 it should be changed from root:root to root:usb. However, if you're using pam (check the USE flags on the package shadow to see if you are) then /etc/security/console.perms is another place you should look to resolve this error.

----------

## Sadako

Thanks for the reply, haven't been able to work on the problem for the last few days.

I've made some adjustments to 50-udev.permissions and console.perms along the lines you suggested (yes, I'm using pam), but it didn't make any difference.

I tried using my scanner too, expecting to encounter the same problem, but I just received an error about libusb 0.1.8 not found. (I had upgraded to 0.1.10a). After reinstalling sane-backends, scanner worked fine as user.

Other usb devices, such as usb hard disk enclosure and mouse still work fine.

The exact error from gphoto2 is

```
*** Error ***

An error occurred in the io-library ('Could not claim the USB device'): Could not claim interface 0 (Operation not permitted). Make sure no other program or kernel module (e.g. dc2xx or stv680) is using the device and you have read/write access to the device.

*** Error (-53: 'Could not claim the USB device') ***
```

and from gnomad2/any of the libnjb utils (mp3 player software);

```
Could not open jukebox:

usb_set_configuration: Operation not permitted
```

Here are the mentioned files, with most of the seemingly irrelevant entries omitted to keep it readable;

/etc/udev/permissions.d/50-udev.permissions:

```
# misc devices

misc/nvram:root:root:0660

misc/rtc:root:root:0664

misc/inotify:root:root:0666

# scanner devices

scanner:root:root:0600

usb/scanner*:root:root:0600

# camera devices

camera*:root:usb:0660

usb/dc2xx*:root:usb:0660

usb/mdc800*:root:usb:0660

# memstick devices

memstick*:root:root:0600

# flash devices

flash*:root:root:0600

# diskonkey devices

diskonkey*:root:disk:0660

# rem_ide devices

microdrive*:root:disk:0660

# mainboard devices

apm_bios:root:root:0600

# scsi devices

sg*:root:disk:0660

pg*:root:disk:0660

cdwriter:root:disk:0660

# usb devices

usb/dabusb*:root:usb:0660

usb/mdc800*:root:usb:0660

usb/rio500:root:usb:0660

usb/legousbtower*:root:usb:0660

```

/etc/security/console.perms:

```

# file classes -- these are regular expressions

<console>=tty[0-9][0-9]* vc/[0-9][0-9]* :[0-9]\.[0-9] :[0-9]

<xconsole>=:[0-9]\.[0-9] :[0-9]

# device classes -- these are shell-style globs

<serial>=/dev/ttyS*

<cdrom>=/dev/cdrom* /dev/rdvd /dev/ide/*/*/*/*/cd /dev/scsi/*/*/*/*/cd \

        /dev/cdroms/* /dev/cdwriter* /mnt/cdrom*

<scanner>=/dev/scanner /dev/usb/scanner*

<camera>=/mnt/camera* /dev/usb/dc2xx* /dev/usb/mdc800*

<memstick>=/mnt/memstick*

<flash>=/mnt/flash*

<diskonkey>=/mnt/diskonkey*

<rem_ide>=/mnt/microdrive*

<kbd>=/dev/kbd

<mainboard>=/dev/apm_bios

<usb>=/dev/usb/dabusb* /dev/usb/mdc800* /dev/usb/rio500 /dev/ttyUSB* \

      /proc/usb/[0-9][0-9][0-9]/[0-9][0-9][0-9]

# permission definitions

<console>  0660 <serial>     0660 root.tty

<console>  0600 <cdrom>      0660 root.cdrom

<console>  0600 <scanner>    0600 root

<console>  0660 <camera>     0660 root,usb

<console>  0600 <memstick>   0600 root

<console>  0600 <flash>      0600 root

<console>  0600 <diskonkey>  0660 root.disk

<console>  0600 <rem_ide>    0660 root.disk

<console>  0600 <kbd>        0600 root

<console>  0600 <mainboard>  0600 root

<console>  0660 <usb>        0660 root.usb

#<xconsole> 0600 /dev/console 0600 root.root

<xconsole> 0600 <dri>        0600 root
```

Anybody have any ideas on where to go from here?

----------

## /dev/random

I used to have problems like your's so I had this in /etc/conf.d/local.start

```

chmod o+rwx /proc/bus/usb -R

```

Try that.

----------

## Headrush

 *Hopeless wrote:*   

> I've made some adjustments to 50-udev.permissions and console.perms along the lines you suggested (yes, I'm using pam), but it didn't make any difference.

 

Make the changes in 10-udev.permissions or your changes can be erased if udev is upgraded.

----------

## Sadako

 */dev/random wrote:*   

> I used to have problems like your's so I had this in /etc/conf.d/local.start
> 
> ```
> 
> chmod o+rwx /proc/bus/usb -R
> ...

 

Thanks, that worked, but only if the camera is connected at the time, and disconnecting then reconnecting the camera brings the error back.

However, as /proc/bus/usb is the mount point for usbfs, this pretty much proves it is a usbfs problem.

usbfs is mounted by the localmount init script, and I found something interesting in the /etc/init.d/localmount file;

```
        if [[ -n ${usbfs} ]] && \

           [[ -e /proc/bus/usb && ! -e /proc/bus/usb/devices ]]

        then

                ebegin "Mounting USB device filesystem (${usbfs})"

#               # Fetch usb gid from /etc/group; fixes bug 35860

#               usbgid=$(awk -F: '/^usb:/{print $3; exit}' /etc/group)

#               mount -t ${usbfs} ${usbgid:+-o devmode=0664,devgid=$usbgid}

                mount -t ${usbfs} usbfs /proc/bus/usb &>/dev/null

                eend $? "Failed to mount USB device filesystem"

        fi
```

The bug referenced (35860) describes the exact problem I'm having, and the suggested fix below works perfectly for me. 

```
umount /proc/bus/usb/ && mount -t usbfs none /proc/bus/usb/ -o devmode=0664,devgid=85
```

Uncommenting the lines within localmount (and commenting "mount -t ${usbfs} usbfs /proc/bus/usb &>/dev/null") should solve the problem permanently.

I'll probably have to reboot to test this, but I don't intend on doing so for a while, so I'm marking this as solved, at least for the moment.

Thanks for your help.

----------

## Headrush

Are you positive that the camera creates a /dev node and is not accessed through libusb?

If it is accessed through libusb there will not be a device node created. In this case you need to call a script to set the permissions as needed. There are several threads on USB scanners and the script to set the permissions. You can easily rename that script to work with your camera.

----------

## Sadako

 *Headrush wrote:*   

> Are you positive that the camera creates a /dev node and is not accessed through libusb?

 

Actually, I'm quite certain it doesn't create a dev node.

And it is accessed through libusb, as is my mp3 player, but my scanner (which works fine) is not (libusb is a dependency of both gphotio2/libgphoto2 and libnjb, but not of sane-backends).

However, I'm still convinced that the problem lies in usbfs, and how it is mounted at boot up (how closely are libusb and usbfs related, anyway?).

----------

## Headrush

 *Hopeless wrote:*   

> (how closely are libusb and usbfs related, anyway?).

 

What is Libusb ?

Libusb is a high-level language API which conceals low-level kernel interactions with the USB modules. It provides a set of function which are adequate to develop a device driver for a USB device from the Userspace. 

What is USBFS ?

USBFS is a filesystem specifically designed for USB devices, by default this filesystem gets mounted when the system is booted and it can be found at /proc/bus/usb/. This filesystem consists of information about all the USB devices that are connected to the computer.Libusb makes use of this filesystem to interact with the USB devices.

In laymen's terms: libusb allows easier access to structures of usbfs.

What you need is the correct scripts and entries in /etc/hotplug/usb/ to set the permissions in /proc/bus/usb

Udev sets permissions for /dev entries, so it has nothing to do with that or pam.

----------

## Headrush

Hopeless, can you reverse any changes you made to udev permissions and console.perms and the local.start script and remove any entries you added to /etc/fstab related to usbfs.

```
rc-update -s
```

and make sure localmount is in boot runlevel.

If it isn't, do this

```
rc-update add boot localmount
```

Reboot and then post the contents of /etc/mtab?

----------

## Headrush

 *Hopeless wrote:*   

> The bug referenced (35860) describes the exact problem I'm having, and the suggested fix below works perfectly for me. 
> 
> ```
> umount /proc/bus/usb/ && mount -t usbfs none /proc/bus/usb/ -o devmode=0664,devgid=85
> ```
> ...

 

This is the totally wrong method of solving this problem.

If anyone is interested in the correct method, please post and I will show how to do it right, otherwise I will consider thread done. 

(Original poster seems satisfied enabling write access to all of usbfs  :Smile:  )

----------

## /dev/random

I'm anal enough to want to know the proper way.

----------

## Sadako

 *Headrush wrote:*   

> This is the totally wrong method of solving this problem.
> 
> If anyone is interested in the correct method, please post and I will show how to do it right, otherwise I will consider thread done. 
> 
> (Original poster seems satisfied enabling write access to all of usbfs  )

 

I just marked this as solved because I found a way to access my devices, and I assumed that if the fix was included in the stable baselayout (albiet commented out) that there was nothing wrong with this method.

I would like to learn the right way to fix this, or in other words

 */dev/random wrote:*   

> I'm anal enough to want to know the proper way.

 me too.

Should I remove the solved from the title?

Anyway, getting back on track,

 *Headrush wrote:*   

> Hopeless, can you reverse any changes you made to udev permissions and console.perms and the local.start script and remove any entries you added to /etc/fstab related to usbfs.
> 
> ```
> rc-update -s
> ```
> ...

 

Localmount has always been in the boot runlevel. I've never added anything usbfs-related to fstab.

As requested, mtab, after a fresh boot;

```
/dev/hda2 / reiserfs rw,noatime,notail 0 0

proc /proc proc rw 0 0

sysfs /sys sysfs rw 0 0

udev /dev tmpfs rw,nosuid 0 0

devpts /dev/pts devpts rw 0 0

cachedir /lib/splash/cache tmpfs rw 0 0

/dev/hda5 /var reiserfs rw,noatime,notail 0 0

/dev/hda7 /usr reiserfs rw,noatime,notail 0 0

/dev/hda6 /usr/portage reiserfs rw,noatime 0 0

/dev/hda8 /home reiserfs rw,noatime,notail 0 0

/dev/hda9 /home/music reiserfs rw,noexec,nosuid,nodev,noatime,notail 0 0

none /dev/shm tmpfs rw 0 0

usbfs /proc/bus/usb usbfs rw 0 0

```

----------

## Headrush

HOW-TO to control access to /proc directory for non-root users moved here: https://forums.gentoo.org/viewtopic-p-2545791.html#2545791Last edited by Headrush on Mon Jul 04, 2005 2:29 am; edited 1 time in total

----------

## Sadako

Headrush;

I finally got a chance to try your method, which works perfectly.

So thank you for showing me the proper way of doing things.

On a side not, working through your instrutions gave me a far greater understanding of the whole "groups" thing, and some of it's uses, so thank you for that, too.

----------

## Headrush

Glad it helped. That's one thing I love about Gentoo, it's a great learning tool.

----------

## Sadako

 *Headrush wrote:*   

> Glad it helped. That's one thing I love about Gentoo, it's a great learning tool.

 

I couldn't agree more. I had never really used anything other than window$ before I started with gentoo almost a year ago.

While I obviously still have a hell of a lot to learn, I doubt I would have picked up half of the things I now know if I had started with mandrake or something similar.

Anyway, Thanks again.

----------

