RTL-SDR USB Device Permission Issues Over SSH
Description:
Recently, there was an update to this package (rtl-sdr), which breaks the ability to use an RTL-SDR device over SSH on a headless server (without running the application as root).
Additional info:
- package version(s): rtl-sdr: 1:2.0.1-2
- config and/or log files etc:
/usr/lib/udev/rules.d/10-rtl-sdr.rules - link to upstream bug report, if any: No other reports are known of at this time
- Severity: Low
Steps to reproduce:
- Setup a headless Arch Linux server (or use an existing Arch Linux PC but don't log into it via a TTY or GUI login manager). The server / PC must have an SSH server configured.
- Connect to the PC or server via SSH using a non-root login.
- Connect an RTL-SDR USB device to the PC / server.
- Run
rtl_eepromover SSH on the PC / server. The following error is printed:
user@server:~$ rtl_eeprom
Found 1 device(s):
0: Generic RTL2832U OEM
Using device 0: Generic RTL2832U OEM
usb_open error -3
Please fix the device permissions, e.g. by installing the udev rules file rtl-sdr.rules
Failed to open rtlsdr device #0.- However, if
sudo rtl_eepromis executed or if the same user logs into the PC / server via a TTY or via a GUI login manager, thertl_eepromapplication does not display any errors.
Details
Recently, there was an update to this package (rtl-sdr), which breaks the ability to use an RTL-SDR device over SSH on a headless server.
This change adjusted the /usr/lib/udev/rules.d/10-rtl-sdr.rules file from each line looking something like this:
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2832", MODE:="0666" to each line looking something like this:
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2832", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", TAG+="uaccess" The main change appears to have come from this commit, where the source was changed from librtlsdr to osmocom/rtl/rtl-sdr: 46abd652
Hence, the "mode" in the previous version was "0666" and now the mode is "0660", meaning that current user must now be root or must be in the root group to use an RTL-SDR USB device.
Note that both the old source and new source would work fine if the rtl-sdr.rules file wasn't modified, but the official arch package adds the following patch to this file: sed -e 's/GROUP="plugdev"/TAG+="uaccess"/' -i rtl-sdr.rules.
This patch in the PKGBUILD file allows a 'properly logged-in' user (for example, when logging in via a TTY or desktop environment) to use an RTL-SDR USB device without needing to use sudo.
However, if the user logs in via SSH and attempts to use an application that interacts with the RTL-SDR USB device, the application fails with a permission error:
$ rtl_tcp -d 0
Found 2 device(s):
0: , , SN:
1: , , SN:
Using device 0: Generic RTL2832U OEM
usb_open error -3
Please fix the device permissions, e.g. by installing the udev rules file rtl-sdr.rules
Failed to open rtlsdr device #0. Current state:
We are forcing users who need this functionality to modify the udev rules file to change the MODE back to "0666" (not recommended since the file will be overwritten with an update) - this is what I did temporarily to restore functionality. I suppose applications can also be run as root, but this is not ideal.
Potential future solutions:
- The PKGBUILD could be modified to include another 'patch' to restore the MODE back to "0666" as it was before version
1:2.0.1-1, but this isn't a great solution for everyone as it compromises security. - The PKGBUILD could be modified to not remove the
GROUP="plugdev"part. Thus, users that need this functionality can add the appropriate user to theplugdevgroup to restore functionality. I think this solution makes a bit more sense. Plus, this fits with the Arch theme of staying as close to upstream as possible. This would mean replacing this line in the PKGBUILD:
sed -e 's/GROUP="plugdev"/TAG+="uaccess"/' -i rtl-sdr.ruleswith this line:
sed -e 's/GROUP="plugdev"/GROUP="plugdev", TAG+="uaccess"/' -i rtl-sdr.rules