Hi experts, I'm working on a USB project. This project is going to deliver an SMF service which spawns a daemon process to manage USB devices in the system. The daemon characteristic and USB hotplugable nature cause some problems. USB device drivers exports their device nodes as owned by root user with permission set to 644. This means only root can do ioctl on the device nodes. I know in a daemon process, all needed files and devices can be opened before set itself to daemon user and remove some privileges, then the process can still access(write) those opened files/devices as daemon user. But for a USB device, it can be hotplugged at anytime. If the daemon process has been started and set to daemon user, then it can not do ioctl on the newly added USB device even if it can open that device node. That's the problem, since some USB device will act as host to connect with other USB devices. For security reasons, the USB host device node can't be writable worldwide.
The solutions I can imagine may be: a) run the daemon process as root user all along its life, possibly remove unused privileges. I'm not sure if it's acceptable. Is there Solaris policy about daemon process and its privileges? b) set the device node's owner to daemon user. I digged into the /devices directory and didn't find any device node whose owner is other than root or console user. So, probably this is not a good idea. Is there any other better solution? Would you please give your valuable advices about this issue? Thanks a lot, Lei Chen This message posted from opensolaris.org