
Linux/Ubuntu: Restricting access to specific USB ports based on username

We have multiple test systems connected to an Ubuntu PC through the USB ports; each device is determined by its serial number. When the serial number is not provided, the application defaults to the first available port. To be able to use the system, each user needs to be a super user. Considering every USB port is visible to every username in the system, a user can control the other system (unintentionally). If there is a way to lock/restrict a USB port to a particular user name, the access to devices could be managed better. Question: Are there ways to restrict USB ports based on user name?

I am looking for guidance on possible options to explore further.

I think udev rules and Linux groups can solve this problem.

It's not clear exactly what type of USB device you are talking about, and what nodes it creates in your filesystem, and what the permissions of those nodes are. So this answer might not be exactly what you need but I hope it points you in the right direction.

In general, you probably had to add a udev rule to your system to grant the users access to those USB devices. This is a typical rule I often use on systems I maintain in order to grant permission for all users to use native USB devices with vendor ID 1234:

SUBSYSTEM=="usb", ATTRS{idVendor}=="1234", MODE="0666"

You would save that file in the /etc/udev/rules.d folder with a filename like 99-myrules.rules.

But you don't want to use that rule exactly. Here are some changes you would need to make:

  1. Add a key-value pair to the rule so the rule only applies to one USB device, specified by its serial number. I think it would look like this: ATTRS{serial}=="serial_number_of_one_of_your_devices".
  2. You should change the MODE to 0660 so it doesn't grant permissions to everyone, but it does grant permissions to users in the right group.
  3. Add a GROUP directive that looks like GROUP="groupname" to set the GROUP of the file node for that USB device. Each user on Ubuntu generally has a group of their own, with the same name as the user, so you could use that, or you could create more groups using the standard mechanisms Unix provides to manage user groups.

You can have multiple rules in a single file, with each rule on its own line. There would be one rule per device.
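
The three changes above combined into one rule per device, as an added example that is not part of the original answer: a small script that builds the rules file from a serial-to-group table and rejects any field that could break out of the quoted udev value and widen the permissions. Vendor ID 1234 is the answer's example; the serial numbers, group names, function names and the allowed character sets are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: generate per-device udev rules (MODE 0660 + GROUP) from a table.
# Vendor ID 1234 is the page's example value; serials and groups are constructed.
VENDOR_ID="1234"

# Print one rule for a serial/group pair.
# Fails if either field contains characters outside a conservative allow-list
# (assumed here), so a quote or comma cannot inject extra keys such as MODE="0666".
make_rule() {
    serial=$1 group=$2
    case $serial in
        ''|*[!A-Za-z0-9_.-]*) echo "bad serial: $serial" >&2; return 1 ;;
    esac
    case $group in
        ''|*[!a-z0-9_-]*) echo "bad group: $group" >&2; return 1 ;;
    esac
    printf 'SUBSYSTEM=="usb", ATTRS{idVendor}=="%s", ATTRS{serial}=="%s", MODE="0660", GROUP="%s"\n' \
        "$VENDOR_ID" "$serial" "$group"
}

# Read "serial group" lines on stdin and print one rule per line.
# Blank lines and '#' comments are skipped; returns non-zero if any line is rejected.
make_rules() {
    status=0
    while read -r serial group; do
        case $serial in ''|'#'*) continue ;; esac
        make_rule "$serial" "$group" || status=1
    done
    return $status
}

# Constructed sample table (not real devices). Redirect the output to
# /etc/udev/rules.d/99-myrules.rules as root, then apply it with:
#   udevadm control --reload-rules && udevadm trigger
make_rules <<'EOF'
# serial       group
TESTRIG0001    alice
TESTRIG0002    bob
EOF
```

After the rules are applied, `ls -l` on the device node under /dev/bus/usb should show the intended group and mode `crw-rw----` for each device.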

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.