From 6015a0588de0f8542d8ebd290d093a658b7e7f8a Mon Sep 17 00:00:00 2001
From: djrarky <10834935+djrarky@users.noreply.github.com>
Date: Wed, 21 Jan 2026 15:03:46 -0400
Subject: [PATCH 1/3] add env variable to skip ownership changes

---
 README.md         | 2 +-
 src/filesystem.sh | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index c3e1c77..ef54e18 100755
--- a/README.md
+++ b/README.md
@@ -154,7 +154,7 @@ services:
       - /dev:/dev:rw              # Full /dev access improves hotplug handling
       - /run/udev:/run/udev:ro    # Access to udev events
     environment:
-
+    # - SKIP_PERMCHECK            # Skip USB permission change for rootless implementations
       - SECRET_KEY=test1234567890 # for password encryption and decryption in the database
       - UDEV=1                    # Improve USB detection
     ports:
diff --git a/src/filesystem.sh b/src/filesystem.sh
index 46a7c84..d845d42 100755
--- a/src/filesystem.sh
+++ b/src/filesystem.sh
@@ -116,6 +116,11 @@ detect_usb_devices() {
 
 # Function to fix USB permissions if applicable
 fix_usb_permissions() {
+    if [ "${SKIP_PERMCHECK}" = "true" ]; then
+        startup_log "Skipping USB permission updates (SKIP_PERMCHECK=true)"
+        return 0
+    fi
+
     if [ -d "/dev/bus/usb" ]; then
         # First set ownership to root:nut for good measure
         chown -R root:nut /dev/bus/usb

From 2ebde76da999981fa82ecfa0f3c055809d537f73 Mon Sep 17 00:00:00 2001
From: djrarky <10834935+djrarky@users.noreply.github.com>
Date: Wed, 21 Jan 2026 15:12:50 -0400
Subject: [PATCH 2/3] tidy logic

---
 src/filesystem.sh | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/src/filesystem.sh b/src/filesystem.sh
index d845d42..83bc14f 100755
--- a/src/filesystem.sh
+++ b/src/filesystem.sh
@@ -116,21 +116,22 @@ detect_usb_devices() {
 
 # Function to fix USB permissions if applicable
 fix_usb_permissions() {
-    if [ "${SKIP_PERMCHECK}" = "true" ]; then
-        startup_log "Skipping USB permission updates (SKIP_PERMCHECK=true)"
-        return 0
-    fi
-
-    if [ -d "/dev/bus/usb" ]; then
-        # First set ownership to root:nut for good measure
-        chown -R root:nut /dev/bus/usb
-        # Now grant read-write to all users (old method that worked better)
-        chmod -R o+rw /dev/bus/usb 2>/dev/null
-        startup_log "USB device permissions updated (all users access granted)"
-    else
-        startup_log "WARNING: Directory /dev/bus/usb not found!"
-    fi
-    
+    case "${SKIP_PERMCHECK,,}" in
+        true|1|yes)
+            startup_log "Skipping USB permission updates (SKIP_PERMCHECK=${SKIP_PERMCHECK})"
+            ;;
+        *)
+            if [ -d "/dev/bus/usb" ]; then
+                # First set ownership to root:nut for good measure
+                chown -R root:nut /dev/bus/usb
+                # Now grant read-write to all users (old method that worked better)
+                chmod -R o+rw /dev/bus/usb 2>/dev/null
+                startup_log "USB device permissions updated (all users access granted)"
+            else
+                startup_log "WARNING: Directory /dev/bus/usb not found!"
+            fi
+            ;;
+    esac
     # Set the suid bit on the nut commands
     chmod u+s /usr/bin/upsc /usr/bin/upscmd /usr/bin/upsrw 2>/dev/null
     if [ "$ENABLE_LOG_STARTUP" = "Y" ]; then

From c316130b83c90c7275c934d9f7988efc689dfbcd Mon Sep 17 00:00:00 2001
From: djrarky <10834935+djrarky@users.noreply.github.com>
Date: Wed, 21 Jan 2026 15:31:15 -0400
Subject: [PATCH 3/3] /usr/bin/upsc fail too, included in env check

---
 src/filesystem.sh | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/src/filesystem.sh b/src/filesystem.sh
index 83bc14f..48d9863 100755
--- a/src/filesystem.sh
+++ b/src/filesystem.sh
@@ -119,6 +119,9 @@ fix_usb_permissions() {
     case "${SKIP_PERMCHECK,,}" in
         true|1|yes)
             startup_log "Skipping USB permission updates (SKIP_PERMCHECK=${SKIP_PERMCHECK})"
+            if [ "$ENABLE_LOG_STARTUP" = "Y" ]; then
+                startup_log "Skipping SUID permissions for NUT commands (SKIP_PERMCHECK=${SKIP_PERMCHECK})"
+            fi
             ;;
         *)
             if [ -d "/dev/bus/usb" ]; then
@@ -130,13 +133,14 @@ fix_usb_permissions() {
             else
                 startup_log "WARNING: Directory /dev/bus/usb not found!"
             fi
+
+            # Set the suid bit on the nut commands
+            chmod u+s /usr/bin/upsc /usr/bin/upscmd /usr/bin/upsrw 2>/dev/null
+            if [ "$ENABLE_LOG_STARTUP" = "Y" ]; then
+                startup_log "Set suid permissions for NUT commands"
+            fi
             ;;
     esac
-    # Set the suid bit on the nut commands
-    chmod u+s /usr/bin/upsc /usr/bin/upscmd /usr/bin/upsrw 2>/dev/null
-    if [ "$ENABLE_LOG_STARTUP" = "Y" ]; then
-        startup_log "Set suid permissions for NUT commands"
-    fi
 }
 
 # Clean up existing PID files to prevent conflicts