[Nut-upsuser] USB problem as user
Peter Selinger
selinger at mathstat.dal.ca
Mon Apr 23 20:37:38 UTC 2007
Czuczy Gergely wrote:
> Peter Selinger wrote:
>
> > (1) Could you please run the two commands again, but this time, with
> > the environment variable USB_DEBUG=3, i.e., like this (assuming you
> > are using bash):
> >
> > USB_DEBUG=3 /lib/nut/newhidups -u nut -DD -a ups1
>
> debug level is '2'
> usb_set_debug: Setting debugging level to 3 (on)
> usb_os_init: Found USB VFS at /dev/usb
> ....
>
> > USB_DEBUG=3 /lib/nut/newhidups -u root -DD -a ups1
>
> debug level is '2'
> usb_set_debug: Setting debugging level to 3 (on)
> usb_os_init: Found USB VFS at /proc/bus/usb
> ....
Now this is interesting. Here your bug is clearly visible. When
running with "-u nut", libusb-0.1.10a looks in "/dev/usb", instead of
"/proc/bus/usb". It is not very surprising that it does not find any
useful devices.
A quick look at libusb-0.1.10a/linux.c (line 610, function
usb_os_init) reveals that libusb first checks /proc/bus/usb, and if
that is not readable, then it checks /sys/bus/usb and finally
/dev/usb. More specifically, what it does is it opens each directory
and looks for a file whose name does not start with ".". It does not
attempt to open any files, it only attempts to list the directory.
This confirms that /proc/bus/usb (the directory), for some reason, is
not readable by the "nut" user, despite
dr-xr-xr-x 1 nut nut 0 2006-04-06 17:10 /proc/bus/usb
dr-xr-x--- 4 root 6661 0 2006-04-06 17:10 /proc/bus
> > (2) is your machine running any access control system, such as
> > SELinux, which might restrict access to the USB system?
> Nope. Only grsecurity, but this part is not restricted, I think.
> We usually do network-related restrictions.
The grsecurity website mentions Role-Based Access Control as one of
their features. This could mean that some special files are subject to
a security policy.
(5) What do the following show?
getfacl /proc/bus
getfacl /proc/bus/usb
(6) Is it possible to list the contents of /proc/bus/usb as an
ordinary non-root user?
(7) Can the "nut" user list the contents of /proc/bus/usb? The "nut"
user has no shell or password, but you should be able to test this as
follows (as root):
sudo -u nut ls -Ral /proc/bus/usb
-- Peter
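
Added example, not part of the original message and not libusb's source: a small C diagnostic that re-implements the probe as the message describes it (try each directory in order, accept the first one that can be listed and holds an entry not starting with "."), and prints the errno for every rejected candidate. The function names `probe_dir` and `pick_usb_root` are hypothetical.

```c
/* Added example: mimics the directory probe described in the message.
 * It only lists directories; it never opens the files inside them. */
#include <dirent.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* 1  = listable and contains an entry not starting with '.'
 * 0  = listable but holds no such entry
 * <0 = -errno from opendir() (e.g. -EACCES, -ENOENT) */
int probe_dir(const char *dir)
{
    DIR *d = opendir(dir);
    if (d == NULL)
        return -errno;
    int found = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (e->d_name[0] != '.') { found = 1; break; }
    }
    closedir(d);
    return found;
}

/* Index of the first usable candidate, or -1 if none qualifies. */
int pick_usb_root(const char *const *cands, int n, int verbose)
{
    for (int i = 0; i < n; i++) {
        int r = probe_dir(cands[i]);
        if (verbose && r < 0)
            printf("%-14s rejected: %s\n", cands[i], strerror(-r));
        else if (verbose)
            printf("%-14s %s\n", cands[i], r ? "usable" : "no entries");
        if (r == 1)
            return i;
    }
    return -1;
}

int main(void)
{
    /* Probe order as stated in the message above. */
    const char *const cands[] = { "/proc/bus/usb", "/sys/bus/usb", "/dev/usb" };
    printf("effective uid: %d\n", (int)geteuid());
    int i = pick_usb_root(cands, 3, 1);
    printf("selected: %s\n", i >= 0 ? cands[i] : "(none)");
    return 0;
}
```

Built and run once as root and once via `sudo -u nut`, it shows which directory each account ends up with and the error that ruled out the others.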