udev and evdev: Permissions

As programs start to take advantage of the evdev interface for input devices, it’s only a matter of time before you trip over the default permissions. The big problem is that you can’t just edit the default udev rule for /dev/input/event*, because that would also allow any other user on the system to read your keystrokes. Your passwords, for example.

If you’re like me, you’re probably trying to alter the permissions for a device which can’t be used to input sensitive data anyway, such as a joystick or gamepad. In such a case, the solution is to override the permissions for just that device. Letting any user read the device is actually a benefit here, because you could run your media player as a different user than your normal login name (if you’re feeling paranoid) and still control it via whatever joystick-control module it offers. (XMMS, Audacious 1.3 alpha, and MPlayer all offer such an option.)

Anyway, down to business. First, find some uniquely-identifying information for your device. If it’s a USB device, that would be your vendor and product IDs, which can be retrieved using lsusb:

ssokolow@darkstar ~ $ sudo lsusb
Password:
Bus 004 Device 002: ID 046d:08d7 Logitech, Inc.
Bus 004 Device 001: ID 0000:0000
Bus 002 Device 015: ID 045e:0026 Microsoft Corp. SideWinder GamePad Pro
Bus 002 Device 014: ID 046d:c00c Logitech, Inc. Optical Wheel Mouse
Bus 002 Device 005: ID 05e3:0604 Genesys Logic, Inc. USB 1.1 Hub
Bus 002 Device 001: ID 0000:0000
Bus 005 Device 001: ID 0000:0000
Bus 003 Device 001: ID 0000:0000
Bus 001 Device 001: ID 0000:0000
ssokolow@darkstar ~ $

Now, udev will normally stop parsing rules when it finds a match, but there is a nice little trick that can be used to alter only the permissions without having to override the default settings, thereby ensuring that any changes to the defaults will still apply. In my case, this is what I did…

ssokolow@darkstar ~ $ sudo sh -c 'cat >> /etc/udev/rules.d/10-local.rules' << EOF
BUS=="usb", ATTRS{idVendor}=="045e", ATTRS{idProduct}=="0026", MODE:="0644"
EOF
ssokolow@darkstar ~ $

Important: Don’t copy and paste this. My blogging software “helps me” by taking a page out of Microsoft’s book and substituting typographical quotes. (even inside <code> blocks)

For those who don’t know, >> tells the shell to append rather than create if the file already exists and << specifies that we will be using a Here Document. The trick to this is the “:=” assignment operator used for MODE. It tells udev that this assignment should be final without stopping the rule processing. That is, the defaults will be used, but the permissions specified by them will be ignored.
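As an added example (not part of the original post), the following sketch lints udev rule text for the distinction drawn above: a world-readable MODE pinned to one vendor/product pair versus one applied to every event node. The function names and the sample rule lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify udev rule lines that assign a world-readable MODE.
# The rule lines in sample_rules are constructed, not from any distribution.

# Succeeds if the last octal digit of the mode ("other") includes read.
mode_world_readable() {
    case "$1" in
        *[4567]) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads rules on stdin. For each line assigning a world-readable MODE, prints
# SCOPED if it is pinned to one vendor/product ID pair, otherwise BROAD.
audit_rules() {
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        # Capture MODE="..." or MODE:="..." (assignments), not MODE=="..." (a match).
        mode=$(printf '%s\n' "$line" |
            sed -n 's/.*MODE:\{0,1\}="\([0-7]\{3,4\}\)".*/\1/p')
        [ -n "$mode" ] || continue
        mode_world_readable "$mode" || continue
        case "$line" in
            *'{idVendor}=='*'{idProduct}=='*|*'{idProduct}=='*'{idVendor}=='*)
                scope=SCOPED ;;
            *)
                scope=BROAD ;;
        esac
        printf '%s mode=%s %s\n' "$scope" "$mode" "$line"
    done
}

sample_rules() {
    cat <<'EOF'
# constructed sample rules
KERNEL=="event*", NAME="input/%k", MODE="0640", GROUP="input"
KERNEL=="event*", NAME="input/%k", MODE="0644"
BUS=="usb", ATTRS{idVendor}=="045e", ATTRS{idProduct}=="0026", MODE:="0644"
EOF
}

# Stand-alone run: print the findings for the sample rules.
sample_rules | audit_rules
```

A BROAD finding on an event* rule is the case warned about at the top of this post, since it exposes keyboards along with everything else.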

If you need something a little different, such as giving specialized names to device nodes or working with a non-USB device, there are also tools to make that nice and easy. Give the following resources a try and you’ll see what I mean:

Happy hacking. 🙂

UPDATE: Newer example for G15Daemon hotplug now available.

CC BY-SA 4.0 udev and evdev: Permissions by Stephan Sokolow is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
