14.7. Authorizing users and groups to use the USBGuard IPC interface

PDF

Use this procedure to authorize a specific user or a group to use the USBGuard public IPC interface. By default, only the root user can use this interface.

Conditions préalables

The usbguard service is installed and running.
The /etc/usbguard/rules.conf file contains an initial rule set generated by the usbguard generate-policy command.

Procédure

Edit the /etc/usbguard/usbguard-daemon.conf file with a text editor of your choice:
```
# vi /etc/usbguard/usbguard-daemon.conf
```
For example, add a line with a rule that allows all users in the wheel group to use the IPC interface, and save the file:
```
IPCAllowGroups=wheel
```
You can add users or groups also with the usbguard command. For example, the following command enables the joesec user to have full access to the Devices and Exceptions sections. Furthermore, joesec can list and modify the current policy:
```
# usbguard add-user joesec --devices ALL --policy modify,list --exceptions ALL
```
To remove the granted permissions for the joesec user, use the usbguard remove-user joesec command.
Restart the usbguard daemon to apply your changes:
```
# systemctl restart usbguard
```

Ressources supplémentaires

usbguard(1) and usbguard-rules.conf(5) man pages.

14.7. Authorizing users and groups to use the USBGuard IPC interface

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Rendre l’open source plus inclusif

À propos de Red Hat

Red Hat legal and privacy links

Red Hat legal and privacy links