
[avr-chat] JTAGICE mkII, UDEV, and PAM


From: pladow
Subject: [avr-chat] JTAGICE mkII, UDEV, and PAM
Date: Tue, 3 Mar 2009 10:20:51 -0800
User-agent: Mutt/1.5.18 (2008-05-17)

I know this has been hashed over many times.  But despite hours of time
Googling this, I still can't find quite the right solution. I have it working,
but I don't think it is quite right nor am I comfortable with it.

So, I'm trying to use my JTAGICE mkII with Fedora Core 10.  I did the usual
and created some udev rules.  When the mkII is connected, I get the correct
ownership, but the permissions are fixed at 0600.  Here's my udev rule
(I have the group as a group id, since I am using NIS):

# JTAGICE mkII
ACTION=="add",SUBSYSTEM=="usb",SYSFS{idVendor}=="03eb",SYSFS{idProduct}=="2103",GROUP="504",MODE="0666"
# AVRISP mkII
ACTION=="add",SUBSYSTEM=="usb",SYSFS{idVendor}=="03eb",SYSFS{idProduct}=="2104",GROUP="504",MODE="0666"
# Dragon
ACTION=="add",SUBSYSTEM=="usb",SYSFS{idVendor}=="03eb",SYSFS{idProduct}=="2107",GROUP="504",MODE="0666"

Despite the 0666 mode in the udev rules, it still sits at 0600.  Now, I did
more Googling and found out that PAM is called after the node is created.  And
PAM likes to re-write the permissions.  So I mucked around in the PAM
permissions (/etc/security/console.perms.d/50-default.perms).  I added the
following lines:

...

<mkii>=/dev/bus/usb/003/*

...

<console> 0660 <mkii> 0660 root.avrtools

(Where ... is the already existing items.)  Now, this works!  I can now
access the mkII from a user account that is in the avrtools group. Fortunately,
PAM appears to know about NIS users and groups, so this works well.  Leaving
off the ".avrtools" forces the ownership back to root.root.

But, I know this isn't quite right.  Hardcoding the /dev/bus/usb/003/* into
the PAM permissions won't work if the mkII is plugged into a different USB
port.  And it will apply the wrong permissions if something else is plugged
into that USB port.

So, I tried one last thing.  And it works, but I'm not sure if it is the
"right way" to do things (I know, the "right way" is often whatever works).

I modified my udev rules to add a symbolic link, i.e.:

# JTAGICE mkII
ACTION=="add",SUBSYSTEM=="usb",SYSFS{idVendor}=="03eb",SYSFS{idProduct}=="2103",GROUP="504",MODE="0666",SYMLINK+="jtagicemkii"
# AVRISP mkII
ACTION=="add",SUBSYSTEM=="usb",SYSFS{idVendor}=="03eb",SYSFS{idProduct}=="2104",GROUP="504",MODE="0666",SYMLINK+="avrispmkii"
# Dragon
ACTION=="add",SUBSYSTEM=="usb",SYSFS{idVendor}=="03eb",SYSFS{idProduct}=="2107",GROUP="504",MODE="0666",SYMLINK+="avrdragon"

Then I changed the PAM permissions to:

<avr>=/dev/jtagicemkii /dev/avrispmkii /dev/avrdragon

<console> 0550 <avr> 0660 root.avrtools

I figured that the PAM permissions change might follow the link and change
the permissions on the actual device.  And it does!

So, my question to the Wise Ones here, is this a reasonable approach?  It
seems to work for me.  And I can't find any "standard" way of doing this.

Thanks,
Pete
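
A consistency check for the two files discussed in this message, as an added example that is not part of the original post: it parses udev rules and pam_console class definitions shaped like the ones quoted above and flags udev modes with read or write bits set for "other", class paths that use a wildcard, and class paths that no rule's SYMLINK creates. The sample strings are constructed (the second rule's 0660 mode and the missing Dragon rule are deliberate) and the function names are hypothetical.

```python
import re
# Constructed sample input, shaped like the rule and perms lines quoted in the post.
UDEV_RULES = '''
ACTION=="add",SUBSYSTEM=="usb",SYSFS{idVendor}=="03eb",SYSFS{idProduct}=="2103",GROUP="504",MODE="0666",SYMLINK+="jtagicemkii"
ACTION=="add",SUBSYSTEM=="usb",SYSFS{idVendor}=="03eb",SYSFS{idProduct}=="2104",GROUP="504",MODE="0660",SYMLINK+="avrispmkii"
'''
CONSOLE_PERMS = '''
<mkii>=/dev/bus/usb/003/*
<avr>=/dev/jtagicemkii /dev/avrispmkii /dev/avrdragon
<console> 0550 <avr> 0660 root.avrtools
'''

# key, operator, quoted value; a key may carry an attribute such as SYSFS{idProduct}
PAIR = re.compile(r'(\w+(?:\{[^}]*\})?)\s*(==|!=|\+=|:=|=)\s*"([^"]*)"')

def parse_udev(text):
    """Split each non-comment rule line into match keys and assignment keys."""
    rules = []
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith('#'):
            rule = {'match': {}, 'assign': {}}
            for key, op, val in PAIR.findall(line):
                rule['match' if op in ('==', '!=') else 'assign'][key] = val
            rules.append(rule)
    return rules

def parse_classes(text):
    """Return {class name: [paths]} from '<name>=path path ...' lines."""
    return {m.group(1): m.group(2).split()
            for m in re.finditer(r'^<(\w+)>=(.*)$', text, re.M)}

def audit(rules_text, perms_text):
    """Report udev modes open to 'other' and perms paths no rule creates."""
    findings, links = [], set()
    for rule in parse_udev(rules_text):
        product = rule['match'].get('SYSFS{idProduct}', '?')
        mode = rule['assign'].get('MODE')
        links.update('/dev/' + name for name in rule['assign'].get('SYMLINK', '').split())
        if mode and int(mode, 8) & 0o006:
            findings.append(f'udev {product}: MODE {mode} sets read/write bits for "other"')
    for name, paths in parse_classes(perms_text).items():
        for path in paths:
            if '*' in path:
                findings.append(f'<{name}>: {path} matches by bus position, not by device')
            elif path not in links:
                findings.append(f'<{name}>: {path} is not created by any udev rule')
    return findings

print('\n'.join(audit(UDEV_RULES, CONSOLE_PERMS)))
```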



