5

Under my sudoer user (non-root), I can see my device with lsusb. However, to see the iSerial number, I need to issue lsusb -v, I do get a lot of information printed, but the message "Couldn't open device, some information will be missing" will also be in the output. The iSerial is one of the missing information. Using sudo lsusb -v works fine.

I have tried to sudo chmod -R o+rw /dev/bus/usb, after this I am able to check iSerial without sudo. But after reboot, it won't work again. Also it won't help when new device plugged in.

Is there any better way to do this?

Conan
  • 403
  • 1
  • 5
  • 8
  • 2
    Warning: `sudo chmod -R o+rw /dev/bus/usb` is opening up a security hole on usb. Tip: You can edit `/etc/sudoers` to allow password less use of specified commands. – ctrl-alt-delor Jul 22 '16 at 22:52
  • Thank you for the warning. I have an application that has to run under non-root, that uses libusb.. – Conan Jul 22 '16 at 23:12
  • You could arrange for the devices to be owned by a group such as `usb`, and for the executable to be setgid `usb`. This will make the security better, but leaves you back at the start of this question, but instead of how to permanently change mode, how tot permanently change group. – ctrl-alt-delor Jul 22 '16 at 23:17
  • Does your application need to access all USB devices, or one specific device? How do you tell the application which device it should use? – Gilles 'SO- stop being evil' Jul 23 '16 at 12:37

3 Answers3

1

You might be able to get the information from udev, if it has noticed the device. For example I have a UPS device

$ lsusb | grep UPS
Bus 004 Device 041: ID 0463:ffff MGE UPS Systems UPS

Using the bus and device numbers (004/041) I can get information from udevadm without being root. This includes a ID_SERIAL_SHORT value which is the same as the iSerial value.

$ udevadm info -p $(udevadm info -q path -n /dev/bus/usb/004/041)
P: /devices/pci0000:00/0000:00:1d.0/usb4/4-1/4-1.4/4-1.4.2
N: bus/usb/004/041
E: DEVNAME=/dev/bus/usb/004/041
E: DEVPATH=/devices/pci0000:00/0000:00:1d.0/usb4/4-1/4-1.4/4-1.4.2
E: DEVTYPE=usb_device
E: DRIVER=usb
E: ID_BUS=usb
...
E: ID_SERIAL=EATON_ELLIPSE_BX9M050Z1
E: ID_SERIAL_SHORT=BX9M050Z1
...

$ sudo lsusb -v -s 004:041 | grep iSerial
iSerial                 4 BX9M050Z1
meuh
  • 49,672
  • 2
  • 52
  • 114
1

According to strace lsof opens device files with read and write permissions: 

open("/dev/bus/usb/003/001", O_RDWR)    = -1 EACCES (Permission denied)

You can use capability CAP_DAC_OVERRIDE to give root's power to read and write any file in a system only to lsusb utility runned by specific user.

This answer provides general instructions how to set up capabilities. In your case /etc/security/capabilities.conf shoud look like this:

CAP_DAC_OVERRIDE        your_username
none    *

Changes will take place on next login. Reboot is the simplest option. Check user capabilities:

$ capsh --print
Current: = cap_dac_override+i
...

Setting capability on lsusb utility:

$ setcap CAP_DAC_OVERRIDE+ie /bin/lsusb
$ getcap /bin/lsusb
/bin/lsusb = cap_dac_override+ie
olmstad
  • 198
  • 6
0

You could also write a udev rule especially for this device.

nano /etc/udev/rules.d/NN-Your_set_of_rules.rules

# My Device which should not have admin rights
ATTRS{idVendor}=="1234", ATTRS{idProduct}=="0042", MODE="664", GROUP="plugdev"

The device with vid/pid: 1234/0042 will still be owned by root, but will be assigned to the group "plugdev". If your user is a member to this group, you'll have access rights to it. You could choose any other group you desire. The Mode is the binary code for the Permissions of the device. Owner and Group can write and read others can only read the device.

Afterwards you can run lsusb -v to retrieve iSerial.

Cutton Eye
  • 405
  • 1
  • 4
  • 11