C Non-Root Programmatic Access to Hardware using LibFTDI and LibUSB

T

ThothK

Hi People,

I am working on a program that communicates with hardware using LibUSB and LibFTDI. When I run the program as root, everything is fine and the devices are accessed. When I run the user as my development user (in the admin group), the program cannot access connected hardware.
This actually caused a problem for a week as I thought something was wrong with either the libraries or my code which resulted in me spending a lot of time looking at the source of LibUSB and LibFTDI.
Part of this program does something similar to USBConfig which requires elevated permissions on my development system to run.

Code: 
Predator: LPOCheck: usbconfig
No device match or lack of permissions.
Predator: LPOCheck: sudo usbconfig
ugen0.1: <0x8086 XHCI root HUB> at usbus0, cfg=0 md=HOST spd=SUPER (5.0Gbps) pwr=SAVE (0mA)
ugen0.3: <Logitech USB Receiver> at usbus0, cfg=0 md=HOST spd=FULL (12Mbps) pwr=ON (98mA)
...
Predator: LPOCheck: usbdump
usbdump: Could not open BPF device: Permission denied
Predator: LPOCheck: ktrace usbdump
usbdump: Could not open BPF device: Permission denied
Predator: LPOCheck: sudo ktrace usbdump
18:03:00.459840 usbus0.5 SUBM-ISOC-EP=00000003,SPD=FULL,NFR=32,SLEN=0,IVAL=0
18:03:00.459842 usbus0.5 DONE-ISOC-EP=00000003,SPD=FULL,NFR=32,SLEN=0,IVAL=0,ERR=0
...
I went down the BPF (Berkeley Packet Filter) rabbit hole but I either missed something or do not see how this affects access.
Since this program is to be used by regular users with few rights, I would like to know what group(s) I have to add users to in order to access hardware via LibUSB and LibFTDI. I have not seen ... or I don't recall anything that specifically talks about this.
Both my development user and the root user are members of the wheel and operator groups.
The end goal is for my development account to run the program normally (which includes debugging) and the regular user accounts to be able to run the program normally.
What groups should I research more? What do I have to learn about accessing hardware?
so much to learn, so little time.

I have been working long hours and sleeping not long hours for a bit. I hope my question is clear enough.


=thoth=
 
Hi Unitrunker,

unitrunker said:
https://www.freebsd.org/cgi/man.cgi....2-RELEASE+and+Ports&arch=default&format=html
Set a devd rule to apply permissions to the device when it attached to the USB stack.
Click to expand...

Thanks.
I think this is part of the solution. However, looking at the Device Daemon and USB man pages, I do not see how this will be a complete solution or there is something I am missing. Both root and my development user are members of the wheel and operator groups. Yet my development user has to use elevated permissions to execute USBConfig.

Your answer brought me back to the concept of a user group, but I need to understand what is restricting access to the USB Bus at the level I need to work with it.


=thoth=
 
Hi People,

My related thread was shut down (*sigh*). I am adding that request to this one. Adding the other request to this one seems to me to make this one less specific as well as being in the wrong place.

The other thread was here: https://forums.freebsd.org/threads/68326/ and was about a user group for the system that would allow access.

To this thread, I would also like to know what do I need to know and where is it located so I can design a user group that would allow access to the USB Bus and raw sockets for the users of these systems.

Right now, I have thirty-something of the systems deployed in North America, South America, East Asia, Australia, Northern Europe, and Central Europe. Next year, I'll probably deploy another five or six based on forecast sales.
The user accounts that are used to perform the business function of connecting to the company I work for custom devices through USB need to run software that:
- Scans attached hardware using LibUSB and LibFTDI.
- Scans system hardware using LibUSB and LibFTDI.
- Uses raw sockets to communicate with a server.

My thought is to learn whatever I need to learn to create a user group to which I add the user accounts that are used to perform the work and my test user accounts.
Perhaps the user group is the wrong path, I don't know. Perhaps a better path is to programmatically hook into a system service. I am open to suggestions.

Right now, my list of questions is:
1. How do I programmatically access devices on the USB Bus for non-root users?
2. What system components restrict and / or manage access rights to system hardware via USB?
3. What system components restrict and / or manage access rights to sockets?
4. What rights and / or privileges would I have to give a user group to allow access to devices on the USB bus and raw sockets?
5. What are strategies for implementing number four?
6. How can I examine a user group to determine what rights it has (vboxusers, for example)?

I apologize for bundling the separate issues together in this thread. As I said, my other thread was shut down.


=thoth=
 
Use chmod(1) to give group / user access to the appropriate entries in the device tree.
Writing a devd rule allows the system to do this automatically at boot-up and at the time a device plugged into a USB port.
 
If you want to use an existing user group, dialer and cups might be good candidates, depending on what other requirements your systems will have.
 
You must log in or register to reply here.
Back
Top