[avr-chat] JTAGICE mkII, UDEV, and PAM


From: Peter LaDow
Subject: [avr-chat] JTAGICE mkII, UDEV, and PAM
Date: Wed, 4 Mar 2009 12:26:55 -0800

I apologize for the repost.  I tried to post it via my other email
account, but I never saw it arrive on my main account (this one).  And
I think perhaps it was eaten by the SPAM filters out there.  And given
that it may have been consumed, perhaps nobody saw the email.  Though
I did see it in the archives, but it was listed as a reply to another
post, so something got messed up.

If you've seen this before, please ignore my repost.

I know this has been hashed over many times.  But despite hours of
time Googling this, I still can't find quite the right solution. I
have it working, but I don't think it is quite right nor am I
comfortable with it.

So, I'm trying to use my JTAGICE mkII with Fedora Core 10.  I did the
usual and created some udev rules.  When the mkII is connected, I get
the correct ownership, but the permissions are fixed at 0600.  Here's
my udev rule (I have the group as a group id, since I am using NIS):

# JTAGICE mkII
ACTION=="add",SUBSYSTEM=="usb",SYSFS{idVendor}=="03eb",SYSFS{idProduct}=="2103",GROUP="504",MODE="0666"
# AVRISP mkII
ACTION=="add",SUBSYSTEM=="usb",SYSFS{idVendor}=="03eb",SYSFS{idProduct}=="2104",GROUP="504",MODE="0666"
# Dragon
ACTION=="add",SUBSYSTEM=="usb",SYSFS{idVendor}=="03eb",SYSFS{idProduct}=="2107",GROUP="504",MODE="0666"

Despite the 0666 mode in the udev rules, it still sits at 0600.  Now,
I did more Googling and found out that PAM is called after the node is
created.  And PAM likes to re-write the permissions.  So I mucked
around in the PAM permissions
(/etc/security/console.perms.d/50-default.perms).  I added the
following lines:

...

<mkii>=/dev/bus/usb/003/*

...

<console> 0660 <mkii> 0660 root.avrtools

(Where ... is the already existing items.)  Now, this works!  I can
now access the mkII from a user account that is in the avrtools group.
Fortunately, PAM appears to know about NIS users and groups, so this
works well.  Leaving off the ".avrtools" forces the ownership back to
root.root.

But, I know this isn't quite right.  Hardcoding the /dev/bus/usb/003/*
into the PAM permissions won't work if the mkII is plugged into a
different USB port.  And it will apply the wrong permissions if
something else is plugged into that USB port.

So, I tried one last thing.  And it works, but I'm not sure if it is
the "right way" to do things (I know, the "right way" is often
whatever works).

I modified my udev rules to add a symbolic link, i.e.:

# JTAGICE mkII
ACTION=="add",SUBSYSTEM=="usb",SYSFS{idVendor}=="03eb",SYSFS{idProduct}=="2103",GROUP="504",MODE="0666",SYMLINK+="jtagicemkii"
# AVRISP mkII
ACTION=="add",SUBSYSTEM=="usb",SYSFS{idVendor}=="03eb",SYSFS{idProduct}=="2104",GROUP="504",MODE="0666",SYMLINK+="avrispmkii"
# Dragon
ACTION=="add",SUBSYSTEM=="usb",SYSFS{idVendor}=="03eb",SYSFS{idProduct}=="2107",GROUP="504",MODE="0666",SYMLINK+="avrdragon"

Then I changed the PAM permissions to:

<avr>=/dev/jtagicemkii /dev/avrispmkii /dev/avrdragon

<console> 0550 <avr> 0660 root.avrtools

I figured that the PAM permissions change might follow the link and
change the permissions on the actual device.  And it does!

So, my question to the Wise Ones here, is this a reasonable approach?
It seems to work for me.  And I can't find any "standard" way of doing
this.

Thanks,
Pete

-- 
--
"To love for the sake of being loved is human;  to love for the sake
of loving is Angelic."  -- Alphonse de Lamartine
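
The two-layer setup described in the post (udev sets group and mode, then console.perms applies its own), as an added example that is not part of the original message: a small Python audit that flags world-accessible MODE values in udev rules and console.perms device classes that are globs or that no udev SYMLINK creates. The sample input is constructed from the lines quoted above; the 0660 rule and the omitted AVRISP rule are assumptions made to exercise both checks.

```python
import re

# Constructed sample input, modelled on the lines quoted in the post.
UDEV_RULES = '''\
# JTAGICE mkII (as posted)
ACTION=="add",SUBSYSTEM=="usb",SYSFS{idVendor}=="03eb",SYSFS{idProduct}=="2103",GROUP="504",MODE="0666",SYMLINK+="jtagicemkii"
# Dragon, hypothetical tightened variant: owner and group only
ACTION=="add",SUBSYSTEM=="usb",SYSFS{idVendor}=="03eb",SYSFS{idProduct}=="2107",GROUP="504",MODE="0660",SYMLINK+="avrdragon"
'''
CONSOLE_PERMS = '''\
<mkii>=/dev/bus/usb/003/*
<avr>=/dev/jtagicemkii /dev/avrdragon /dev/avrispmkii
<console> 0660 <mkii> 0660 root.avrtools
<console> 0550 <avr> 0660 root.avrtools
'''

# KEY=="v", KEY="v" or KEY+="v", where KEY may carry an {attribute}
PAIR = re.compile(r'([A-Za-z]+(?:\{\w+\})?)\s*(==|\+=|=)\s*"([^"]*)"')

def audit_udev(text):
    """Return (findings, symlink names) for the udev rules in text."""
    findings, symlinks = [], set()
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        keys = {k: v for k, _, v in PAIR.findall(line)}
        symlinks.update(keys.get('SYMLINK', '').split())
        # Any "other" read/write bit opens the node to every local user
        if 'MODE' in keys and int(keys['MODE'], 8) & 0o006:
            findings.append((n, 'MODE=%s grants access to every local user' % keys['MODE']))
    return findings, symlinks

def audit_console_perms(text, symlinks):
    """Flag device-class members that are globs or that no udev SYMLINK creates."""
    findings = []
    for line in text.splitlines():
        m = re.match(r'<(\w+)>=(.+)', line.strip())  # class definitions only
        if not m or m.group(1) == 'console':
            continue
        for path in m.group(2).split():
            if any(c in path for c in '*?['):
                findings.append((m.group(1), path, 'glob matches any device at that path'))
            elif path.rsplit('/', 1)[-1] not in symlinks:
                findings.append((m.group(1), path, 'no udev SYMLINK creates this node'))
    return findings
```
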



