Bug 183063 - Scanner permissions not set if connected after user logs in
Scanner permissions not set if connected after user logs in
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: udev (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Harald Hoyer
:
: 175005 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-02-25 16:22 EST by W. Michael Petullo
Modified: 2007-11-30 17:11 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-04-30 13:31:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
/var/log/messages when I power on the scanner. (4.40 KB, text/plain)
2006-03-21 09:23 EST, Takaki Hiroshi
no flags Details

  None (edit)
Description W. Michael Petullo 2006-02-25 16:22:57 EST
Description of problem:
When a USB scanner is plugged in, udev sets up the proper device files (see
closed bug #177650.)  Upon logging in, the permissions on this device file are
set to the console owner by pam_console.

However, if the scanner is plugged in after the user has already logged in, then
the permissions of its device file will not be set.

Version-Release number of selected component (if applicable):
udev-084-4

How reproducible:
Every time

Steps to Reproduce:
1.  Log in, obtaining console ownership.
2.  Plug in a USB scanner.  
  
Actual results:
Notice that the logged in user does not own /dev/scanner-...

Expected results:
/dev/scanner... should be owned by the user that ownes the console.

Additional info:
At one time /etc/dev.d/default/05-pam_console.dev set the permissions on newly
created devices when a user was logged in.  This seems to be missing from recent
udev packages.  I don't see anything in the RPM changelog explaining the
script's absence.
Comment 1 Takaki Hiroshi 2006-03-05 12:13:49 EST
*** Bug 175005 has been marked as a duplicate of this bug. ***
Comment 2 Kevin DeKorte 2006-03-20 21:01:41 EST
I have an HP 5400c scanner. I login as my limited user and I plugin the scanner.
The device /dev/scanner-usbdev1.7 is created as a simlink to 

lrwxrwxrwx 1 root root 15 Mar 20 18:49 scanner-usbdev1.7 -> bus/usb/001/007

ls -la  bus/usb/001/007
crw-r--r-- 1 root root 189, 6 Mar 20 18:54 bus/usb/001/007

So the user cannot open the scanner. If I run xscan under sudo then the scanner
works correctly. I DO NOT have SELinux enabled. It looks to me that either the
scanner should be group owned by the "scanner" group and the user needs to be
added to that group or some other privledge change should be made.

I'm on FC5Test3 and upgrading to FC5 Final at the moment. 
Comment 3 Harald Hoyer 2006-03-21 07:33:40 EST
should be fixed with udev-084-13
Comment 4 Takaki Hiroshi 2006-03-21 08:01:12 EST
I'm useing FC5 final. udev-084-13 not works for me. Should I reopen this bug, or
wait for next release of udev?
Comment 5 Harald Hoyer 2006-03-21 08:54:31 EST
hmm... that's odd.. could you set udev_log=debug in /etc/udev/udev.conf and post
the entries in /var/log/messages regarding udev when you plug in the scanner?
Comment 6 Takaki Hiroshi 2006-03-21 09:23:31 EST
Created attachment 126396 [details]
/var/log/messages when I power on the scanner.

I hope this is help.
Comment 7 Kevin DeKorte 2006-03-21 09:40:24 EST
I tried udev-084-13 and after a reboot everything worked fine for me. So this
issue is fixed for me.
Comment 8 Harald Hoyer 2006-03-21 09:41:34 EST
hmm
Mar 21 23:15:20 tdvia udevd-event[2719]: run_program: '/sbin/pam_console_apply
/dev/bus/usb/001/002 /dev/scanner-usbdev1.2'

should have changed the permissions.... reassigning to pam.

you could try to run:
# /sbin/pam_console_apply /dev/bus/usb/001/002 /dev/scanner-usbdev1.2

but remember, you should be logged in with your normal user first to own the
console.
Comment 9 Tomas Mraz 2006-03-21 10:05:04 EST
The filename argument of pam_console_apply must match device patterns in
/etc/security/console.perms.d. However it shouldn't matter much if
/dev/scanner-usbdev1.2 points to /dev/bus/usb/001/002 anyway.
Comment 10 Harald Hoyer 2006-03-21 10:07:21 EST
/dev/scanner-usbdev1.2 should match /dev/scanner* :)
Comment 11 Takaki Hiroshi 2006-03-21 10:14:46 EST
I tried a little.

1. login as user named takaki.

[takaki@tdvia home]$ ls -l /dev/bus/usb/001/002
crw------- 1 takaki root 189, 1 Mar 21 23:15 /dev/bus/usb/001/002

2. power off and then power on the scanner.

[takaki@tdvia home]$ ls -l /dev/bus/usb/001/003
crw-r--r-- 1 root root 189, 2 Mar 21 23:57 /dev/bus/usb/001/003

3. pam_console_apply with normal user.

[takaki@tdvia home]$ /sbin/pam_console_apply /dev/bus/usb/001/003
/dev/scanner-usbdev1.3
[takaki@tdvia home]$ ls -l /dev/bus/usb/001/003
crw-r--r-- 1 root root 189, 2 Mar 21 23:57 /dev/bus/usb/001/003

4. pam_console_apply with root user.

[takaki@tdvia home]$ sudo /sbin/pam_console_apply /dev/bus/usb/001/003
/dev/scanner-usbdev1.3
[takaki@tdvia home]$ ls -l /dev/bus/usb/001/003
crw------- 1 takaki root 189, 2 Mar 21 23:57 /dev/bus/usb/001/003
Comment 12 Harald Hoyer 2006-03-21 10:24:27 EST
udev calls /sbin/pam_console_apply with root perms... so it should have worked
(for Kevin DeKorte it does :)
Comment 13 Tomas Mraz 2006-03-21 10:29:26 EST
I don't think it's pam_console_apply problem as it clearly works fine when it's
run from command line.

Couldn't there be some race condition so the pam_console_apply is run before the
symlink is created or something like that?
Comment 14 Takaki Hiroshi 2006-03-21 10:31:59 EST
(In reply to comment #7)
> I tried udev-084-13 and after a reboot everything worked fine for me. So this
> issue is fixed for me.

Is it works for you, if you power off & on the scanner?
Comment 15 Kevin DeKorte 2006-03-21 11:08:33 EST
My situation is perhaps a little different than yours. My scanner is across the
room so I have a long cable to hook it up (it is not always plugged into my
machine). And if the scannner is off, it does not show up on the USB bus. So am
logged in and plugin the cable with the scanner off. I then power the scanner
and everything comes up right.
Comment 16 Takaki Hiroshi 2006-03-21 11:48:55 EST
Thanks for reply, Kevin.

It's works for me, if I tried another box. My problem occur on particular box.
I'll  check up more it. Please, close here, Harald. I'm sorry for bothering.
Comment 17 Takaki Hiroshi 2006-03-25 15:31:50 EST
I'v found another box which has same problem. Two machines are also smp system.
This issue may be software problem but not depend on a particular hardware.

machine A: RIOWORKS TDVIA
machine B: Dell PowerEdge SC430
Comment 18 W. Michael Petullo 2006-04-30 13:31:52 EDT
I can confirm that this has been fixed in Rawhide.  It works for me with and
without SELinux enforcing its strict policy.  If there are issues with
individual pieces of hardware, then individual bugs should be opened.  In
general, the system works.
Comment 19 W. Michael Petullo 2006-04-30 13:34:30 EDT
(In reply to comment #18)
> I can confirm that this has been fixed in Rawhide.  It works for me with and
> without SELinux enforcing its strict policy.  If there are issues with
> individual pieces of hardware, then individual bugs should be opened.  In
> general, the system works.

Please replace strict with targeted in the above comment.  I have not tested the
strict policy.  However, if there is a problem with the strict policy, then a
seperate bug should be opened against the policy.


Note You need to log in before you can comment on or make changes to this bug.