Why does PyUSB / libusb require root (sudo) permissions on Linux?

StackOverflow https://stackoverflow.com/questions/3738173

  •  03-10-2019
  •  | 
  •  

Question

I have been toying around with PyUSB lately, and found that it works beautifully on Linux (Ubuntu has libusb 0.1 and 1.0, as well as OpenUSB)... but only if I run the program with root privileges (with sudo, of course).

Can anyone tell me why it requires elevated privileges and, more importantly, if I can change the permissions somehow to make it work for normal user accounts?

Was it helpful?

Solution

libusb allows you to manipulate arbitrary USB devices in arbitrary ways. You could format an external USB harddisk, for example.

In general, all direct hardware access requires root privileges, although I guess that actually full root privileges are not required, you should be fine with just CAP_SYS_RAWIO.

OTHER TIPS

You can change the permissions of your usb device node by creating a udev rule. e.g. I added the following line to a file in /etc/udev/rules.d/

SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", MODE="0664", GROUP="usbusers"

This sets the owner of the device node to root:usbusers rather than root:root

After adding myself to the usbusers group, I can access the device.

See the answer that I gave here:
How can I comunicate with this device using pyusb?

Namely:
Set up a udev rules file for the specific device that you want normal users to be able to access. This will define the vendor id, the product id and a group.
The vendor and product id's can be found using the lsusb command.

1. Create a udev rules file 

ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="171b", ATTRS{idProduct}=="2001", MODE="660", GROUP="plugdev"

Put this in a file called (for example) /lib/udev/rules.d/50-YourSoftwareName.rules (dig around in man udev for file naming rules)
NOTE: The old naming convention used /etc/udev/rules.d/filename.rules, that has changed.

2. add the user names to the plugdev group

adduser username plugdev

3. force the udev system to see your changes

sudo udevadm control --reload (that is minus minus reload)
sudo udevadm trigger

4. unplug and replug the device or reboot your machine

The end result should be that all members of the group plugdev will now be able to access the device.

EDIT: Note that on some systems the group plugdev may not be the group that you need. It can also be the group input in my experience, depending on what you are plugging in.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top