Re: [Discuss-gnuradio] setgid directories / usb permissions

[Eric Blossom]

On Fri, Oct 28, 2005 at 10:01:42AM -0600, Robitaille, Michael wrote:
> Finally got GNU Radio compiled and working with the USRP so I am out of the
> wood for now.

Great!

> I installed it in the 'standard' location, unfortunately I could do that
> only as the root and I can only run GnuRadio as root.  I can't even use
> 'sudo' to run usrp_oscope.py.

Please remind me which distribution you're using.  FC4?

Generally speaking, having to run as root reflects a permission problem
on /proc/bus/usb/ and files below.  The fix is distribution
dependent.  I've generally had success by adding myself to group "usb"
and then making sure that "usb" was the group for all those files.
The stuff under /proc/bus/usb is created by the usbfs kernel module,
and there are mount time options that set the gid and perms for those
files.  Look under /etc/rc.d and find out where usbfs is mounted.

  address@hidden init.d]$ grep usbfs *
  usb:    action "Mount USB filesystem" mount -t usbfs -o 
devmode=0664,devgid=43 none /proc/bus/usb

  address@hidden eb]$ grep 43 /etc/group
  usb:x:43:eb

The magic usbfs mount options are defined in the kernel source in
linux/drivers/usb/core/inode.c  (Yes, I know you shouldn't have to
look at kernel source to figure this stuff out, but hey, at least we
*do* have the source available.)

static match_table_t tokens = {
        {Opt_devuid, "devuid=%u"},
        {Opt_devgid, "devgid=%u"},
        {Opt_devmode, "devmode=%o"},
        {Opt_busuid, "busuid=%u"},
        {Opt_busgid, "busgid=%u"},
        {Opt_busmode, "busmode=%o"},
        {Opt_listuid, "listuid=%u"},
        {Opt_listgid, "listgid=%u"},
        {Opt_listmode, "listmode=%o"},
        {Opt_err, NULL}
};

They probably ought to be documented in linux/Documentation/filesystems
along with the rest of the filesystems and have a man page.


> Eric wrote:
> > > Depends on your setup.  I don't install with sudo (being generally
> > > paranoid), and have arranged things so that I'm in a group that has
> > > write access to everything under /usr/local.  Judicious use of 
> > 
> > >  chmod g+s on directories under there is useful.
>  
> > Shell programming 101:  
>  
> >  $ find /usr/local/ -type d -print0 | xargs -0 chgrp <some-group-you-like>
> >  $ find /usr/local/ -type d -print0 | xargs -0 chmod g+rwxs
>  
> > Figuring out what the setgid bit on a directory does is left as an
> exercise ;)
> 
> Sid not - exercise;
> 
> Per my old Unix book;
> 
> Unless the set group ID (sgid) permission of an executable file are set, the
> process created is assigned your uid and gid at its real and effective uid
> and real and effective gid, respectively. File access for a process is
> determined by its effective uid and effective gid.

Note that we are setting the setgid bit on a directory, *not* a
regular file.  What it does is ensure that all files and directories
created in the that directory have their group set to the group of
parent directory.


Here's what my setup looks like:

  address@hidden eb]$ id
  uid=502(eb) gid=502(eb) groups=10(wheel),43(usb),502(eb)

Note that my gid is 502(eb), but that I'm also a member of
wheel and usb.

  address@hidden eb]$ ls -ld /usr/local/bin
  drwxrwsr-x  2 root wheel 4096 Oct 24 18:24 /usr/local/bin

Given this setup, I can write files into /usr/local/bin, and even
though my gid is 502(eb), the installed files end up with group 10(wheel).

E.g.,  

  address@hidden eb]$ ls -ld /usr/local/bin
  drwxrwsr-x  2 root wheel 4096 Oct 24 18:24 /usr/local/bin
  address@hidden eb]$ touch /usr/local/bin/foo
  address@hidden eb]$ ls -l /usr/local/bin/foo
  -rw-rw-r--  1 eb wheel 0 Oct 28 09:41 /usr/local/bin/foo
  address@hidden eb]$ rm /usr/local/bin/foo


> After making the changes to /usr/local based on my new group, I tried to
> build the base line software needed and got the following type of error
> while making sdcc:
> 
> make -C `dirname hc08/port.a`
> make[2]: Entering directory `/opt/GnuRadio/sdcc/src/hc08'
> make[2]: Nothing to be done for `all'.
> make[2]: Leaving directory `/opt/GnuRadio/sdcc/src/hc08'
> 
> /usr/bin/install -c -d /usr/local/bin
> 
> /usr/bin/install: cannot change permissions of `/usr/local/bin': Operation
> not permitted

Wrong permissions on /usr/local/bin, and/or you're not a member of the
right group.

> Making myself root solved this problem but now I can't run the gnuradio
> software except as root.
> 
> Even when I use 'sudo' to run usrp_oscope.py, I get the error
> 
> ImportError: libwx_gtk2d_xrc-2.6.so.0: cannot open shared object file: No
> such file or directory

> The file is in the /urs/local/bin and my LD_LIBRARY_PATH is set to that
> location.  I set the same environment variables for both my regular user and
> root.

>From man sudo:

SECURITY NOTES
       sudo tries to be safe when executing external commands.  Variables that
       control how dynamic loading and binding is done can be used to subvert
       the program that sudo runs.  To combat this the LD_*, _RLD_*,
       SHLIB_PATH (HP-UX only), and LIBPATH (AIX only) environment variables
       are removed from the environment passed on to all commands executed.


Recommended action:  Fix the permissions on the stuff in /proc/bus/usb

> If I don't use 'sudo' I get even more errors.  I think that they are related
> to usb access. I try to use the fstab per another post and it did not seem
> to help.

On FC2, I know that the mount command didn't honor the perms and gid
mount options to usbfs.  Not sure if it is fixed in FC4.

Celebrating the joys of *nix system administration!

Eric