Hi People,
The core features of a program I am writing for work is to communicate with devices connected via USB. A few special USB Hubs, some FTDI devices, USB to Serial, GPIO and our custom hardware (through those interfaces). One of the phases of this program is to probe everything connected via USB *including* system hardware.
During the POC phase of this I discovered that my development user (uid=1001(...) gid=1001(...) groups=1001(...),0(wheel),5(operator),44(video),920(vboxusers) ) did not have access rights to USB Low Level interfaces. Running the program as root allows access and running as me does not. This is confirmed by the elevated permission requirement to run USBConfig.
Additionally, the program will be working with raw sockets to send data to a server.
A comment in my programming thread about this (https://forums.freebsd.org/threads/68319/) brought back the concept of a user group that would allow access to such activities.
I would like to know three things:
1) does this sound like a reasonable approach?
2) Is there an obvious alternative that I am missing?
3) What should I start reading to understand how to go about creating the custom user group to allow it to have access to the above?
=thoth=
The core features of a program I am writing for work is to communicate with devices connected via USB. A few special USB Hubs, some FTDI devices, USB to Serial, GPIO and our custom hardware (through those interfaces). One of the phases of this program is to probe everything connected via USB *including* system hardware.
During the POC phase of this I discovered that my development user (uid=1001(...) gid=1001(...) groups=1001(...),0(wheel),5(operator),44(video),920(vboxusers) ) did not have access rights to USB Low Level interfaces. Running the program as root allows access and running as me does not. This is confirmed by the elevated permission requirement to run USBConfig.
Additionally, the program will be working with raw sockets to send data to a server.
A comment in my programming thread about this (https://forums.freebsd.org/threads/68319/) brought back the concept of a user group that would allow access to such activities.
I would like to know three things:
1) does this sound like a reasonable approach?
2) Is there an obvious alternative that I am missing?
3) What should I start reading to understand how to go about creating the custom user group to allow it to have access to the above?
=thoth=