Problems accessing USB devices with non-root user inside Jail

[moellinger]

Hi,

I do need to access an usb device with a non-root user within a jail.

When running usbconfig as root in the jail, I see all the usb devices connected.

The device required for my setup is:

Code:

ugen1.3: <KNX-USB Data Interface Gira Giersiepen GmbH  Co. KG> at usbus1, cfg=0 md=HOST spd=FULL (12Mbps) pwr=ON (50mA)

My permissions are as followed:

Code:

root@knx:/dev # ll ugen1.3
lrwxr-xr-x  1 root  wheel  9 Dec  8 10:19 ugen1.3@ -> usb/1.3.0

I've modified the devfs.rules

Code:

root@knx:/dev # cat /etc/devfs.rules

[system=10]
add path 'usbctl' mode 660 group operator
add path 'usb/*' mode 660 group operator
add path 'ugen*' mode 0660 group operator

and rc.conf:

Code:

root@knx:/dev # cat /etc/rc.conf
devfs_system_ruleset="system"

If I'm now running usbconfig with user I'm geeting the following output:

Code:

root@knx:/dev # sudo -u eib usbconfig

No device match or lack of permissions.

I'm able to access the usb device as root without any issues but not with any other user. User eib has been added to the operator group.

Is there anything wrong with my defs config?

 

[sremick]

Seems to me to be a wholly inappropriate task to be asking a NAS appliance to be doing. But that's just me.

 

[cyberjock]

I agree with sremick. This seems like a terrible thing to do for a NAS appliance. I wouldn't be surprised if there was some reason why it doesn't work besides just permissions. I doubt that the FreeNAS developers expected people to hook up USB drives to their FreeNAS box and try to mount them in a jail.

 

[moellinger]

So cyberjock, why are you saying in the virtual box threat that there seems to be in issue accessing USB devices? There's no issue with the virtualbox version, it's exactly the same issue with the permissions. I can run virtualbox with user root and I can access all USB devices, but not with user vbox.

This is not an USB drive, this is another device to access an external home automation system. With this setup I'm able to get rid of another computer, this is a benefits case for me...

Event if I would like to add a printer shared in the network (on the NAS) would be an issue. Thanks for the help!

 

[cyberjock]

I said what I said because the virtualbox documentation said it was broken. I couldn't get it to work in my limited testing and after I found the documentation said that USB support was broken I simply gave up.

Yes, I added "drive" on accident because it seems that 99% of the time I'm talking about USB drives. But regardless of what USB device you are using, I'm somewhat doubtful that's what the iXsystems devs had in mind. Often hardware that isn't "built-in" requires kernel drivers. That means the drivers must be included in FreeNAS and must be compiled with FreeNAS. This makes 99.99% of devices out there that are USB and aren't obvious things like USB drives or USB UPSes non-functional. In fact, the kernel driver that virtualbox uses had to be compiled with FreeNAS specifically.

These problems with adding devices to FreeNAS don't exist on FreeBSD. You install the program in a jail and simply copy the kernel drivers to the host boot media and do the setup. It will "just work". But as FreeNAS' kernel doesn't work with FreeBSD's pre-compiled kernel drivers out of the box (at least you shouldn't expect it to work, although it does on occasion) , this breaks things for most users. FreeNAS is an appliance, and as such has limitations.

Have you tried to do this in FreeBSD 9.3? If so, does it work?

 

[moellinger]

The whole setup is working when I'm running the Virtualbox Linux image and/or the application inside the jail with user root. When starting the same with any other user I can't get access to the USB device. The "workaround" using root to run the image is working since you've released the "how to" to install virtualbox. I actually did it without the howto some weeks before, but didn't capture all the steps required to have a future proof solution. This small litte app is a gateway to the home automation system and works like a charm on the FREENAS server and does basically translate between an IP and a KNX network.

I've upgrade to 9.3 beta but of course still having the same with a non-root user.