search

OSVR / OSVR-Core

The core libraries, applications, and plugins of the OSVR software platform.
Apache License 2.0
329 stars 124 forks source link

Add udev rules #590

Closed rpavlik closed 6 years ago

rpavlik commented 6 years ago

Not sure why I didn't commit these long ago - most of them have been sitting around in a Gist since 2015.

No build system touches them yet but this at least puts them in the source tree.

Question - is MODE="0660" GROUP="plugdev" the best thing to do to provide USB access? It's different from what the Vive linux support does - https://github.com/ValveSoftware/SteamVR-for-Linux#usb-device-requirements

godbyk commented 6 years ago

Can you think of any benefit to restricting access to the device to a subset of users on a system?

The Debian wiki says that the plugdev group "Allows members to mount (only with the options nodev and nosuid, for security reasons) and umount removable devices through pmount."

The Ubuntu wiki says the group provides "access external storage devices" and that "users in the plugdev group can send commands to HAL (this is probably deprecated)."

Other distributions seem to lack this group, so it's probably easiest to just omit the group entirely from the udev rule, allowing all users to access the devices.

rpavlik commented 6 years ago

Well, it makes it so if you have somebody that only logs in remotely, you can leave them out of that group so they can't mess with your services locally, but that's a bit of a stretch. (would need 0666 instead of 0660,right?)

The construct in the SteamVR udev looks intriguing, haven't had a chance to look it up to see what its effect is.

I just had started using plugdev some time ago and it worked, that's the only reasoning behind the specifics here.

On Tue, Jul 10, 2018, 11:43 AM Kevin Godby notifications@github.com wrote:

Can you think of any benefit to restricting access to the device to a subset of users on a system?

The Debian wiki https://wiki.debian.org/SystemGroups says that the plugdev group "Allows members to mount (only with the options nodev and nosuid, for security reasons) and umount removable devices through pmount ."

The Ubuntu wiki https://wiki.ubuntu.com/Security/Privileges says the group provides "access external storage devices" and that "users in the plugdev group can send commands to HAL (this is probably deprecated)."

Other distributions seem to lack this group, so it's probably easiest to just omit the group entirely from the udev rule, allowing all users to access the devices.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/OSVR/OSVR-Core/pull/590#issuecomment-403889616, or mute the thread https://github.com/notifications/unsubscribe-auth/AADuyT_0jojlGZufMwoOI9TsC5K0s4f-ks5uFNnMgaJpZM4VISSO .

rpavlik commented 6 years ago

This is where that "Move discussion to new issue" button in GitLab would be handy :D Just spent 5 minutes looking for this, only to discover I had never merged it.