PolicyKit policy for Fedora 9
Xiaofan Chen
set up permissions.
It is actually not that difficult to create simple policies for libusb based
application like pk2cmd to work under Fedora 9.
The following is a simple rule to get my Microchip USB device
(PICkit 2, MPLAB ICD2, PICDEM FS USB demo board, etc) working
without using "su" or "sudo". It is a "lazy" rule as I just matched
the vendor ID.
It is based on the following hplip policy.
[mcuee@localhost ~]$ cat /usr/share/hal/fdi/policy/10osvendor/10-hplip.fdi
<?xml version="1.0" encoding="UTF-8"?>
<deviceinfo version="0.2">
<device>
<!-- HPLIP-driven printers and scanners -->
<match key="info.subsystem" contains="usb_device">
<match key="usb_device.vendor_id" int="0x03f0">
<append key="info.capabilities" type="strlist">scanner</append>
<append key="access_control.grant_group" type="strlist">lp</append>
</match>
</match>
<!-- Set ACLs -->
<match key="info.capabilities" contains="scanner">
<append key="info.capabilities" type="strlist">access_control</append>
<merge key="access_control.file"
type="copy_property">linux.device_file</merge>
<merge key="access_control.type" type="string">scanner</merge>
</match>
</device>
</deviceinfo>
So we just use this as a base for our policy.
[mcuee@localhost ~]$ cat /usr/share/hal/fdi/policy/10osvendor/10-microchip.fdi
<?xml version="1.0" encoding="UTF-8"?>
<deviceinfo version="0.2">
<device>
<!-- Microchip USB device -->
<match key="info.subsystem" contains="usb_device">
<match key="usb_device.vendor_id" int="0x04d8">
<append key="info.capabilities" type="strlist">microchipusb</append>
<append key="access_control.grant_group"
type="strlist">microchip</append>
</match>
</match>
<!-- Set ACLs -->
<match key="info.capabilities" contains="microchipusb">
<append key="info.capabilities" type="strlist">access_control</append>
<merge key="access_control.file"
type="copy_property">linux.device_file</merge>
<merge key="access_control.type" type="string">microchipusb</merge>
</match>
</device>
</deviceinfo>
You need to add your user name to the group "microchip".
[mcuee@localhost ~]$ groups mcuee
mcuee microchip
More information about PolicyKit but I admit I have not read through it.
http://hal.freedesktop.org/docs/PolicyKit/
Regards,
Xiaofan
Xiaofan Chen
> I just installed Fedora 9 and it seems to use PolicyKit/ConsoleKit to
> set up permissions.
>
> It is actually not that difficult to create simple policies for libusb based
> application like pk2cmd to work under Fedora 9.
>
> The following is a simple rule to get my Microchip USB device
> (PICkit 2, MPLAB ICD2, PICDEM FS USB demo board, etc) working
> without using "su" or "sudo". It is a "lazy" rule as I just matched
>
>
> [mcuee@localhost ~]$ cat /usr/share/hal/fdi/policy/10osvendor/10-microchip.fdi
> <?xml version="1.0" encoding="UTF-8"?>
>
> <deviceinfo version="0.2">
> <device>
> <!-- Microchip USB device -->
> <match key="info.subsystem" contains="usb_device">
> <match key="usb_device.vendor_id" int="0x04d8">
> <append key="info.capabilities" type="strlist">microchipusb</append>
> <append key="access_control.grant_group" type="strlist">microchip</append>
> </match>
> </match>
>
> <!-- Set ACLs -->
> <match key="info.capabilities" contains="microchipusb">
> <append key="info.capabilities" type="strlist">access_control</append>
> <merge key="access_control.file" type="copy_property">linux.device_file</merge>
> <merge key="access_control.type" type="string">microchipusb</merge>
> </match>
> </device>
> </deviceinfo>
>
> You need to add your user name to the group "microchip".
> [mcuee@localhost ~]$ groups mcuee
> mcuee microchip
>
> More information about PolicyKit but I admit I have not read through it.
> http://hal.freedesktop.org/docs/PolicyKit/
>
Just want to confirm that the following works for Fedora 10 as well.
I've updated the piklab wiki here to include this information.
http://piklab.wiki.sourceforge.net/USB+Port+Problems
Regards,
Xiaofan