5 Replies Latest reply on Feb 8, 2017 5:28 AM by Peter-H

    mraa permissions

    Peter-H

      I've written a program that works with gpio, spi and i2c using mraa.

       

      Though it only works when run as root.

      When run as another user I get the error message "Failed to init context..."

       

      I found a similar threadUse mraa without sudo

      Do anyone know if the changes made are included in the 160606 release?

      To me it appears so because I don't get an error on the mraa_init() call.

       

      I've tried to brute force the permission by adding a group to all files in /sys and /proc and adding read/write permissions for that group.

      But I still get the same result.

       

      Is it possible to work directly with IO without running as root?

        • 1. Re: mraa permissions
          Intel Corporation
          This message was posted on behalf of Intel Corporation

          Hi Peter-H,

          Thank you for contacting us. What image are you using, are you referring to the 201606061707 image? If that’s the case, then that’s the latest one and after checking the Release notes from the previous two images it doesn’t seem as if anything regarding root permissions has been changed.

          Could you please let us know the full error you receive when you run the code and the image you’re using while running it? If you’ve made other tests with different images please let us know as well. We’d like to review the logs.

          We’ll be waiting for your response.

          -Sergio
           

          • 2. Re: mraa permissions
            Peter-H

            Yes that is probably the one, the filename doesn't include the last 1707 though.

             

            I've tested the following on that image without any modifications.

            I've tested it as root and as a user "test".

             

            mraa_init() return success for both users.

            mraa_gpio_init (int pin) return a working context when run as root and null when run as test.

             

             

            • 3. Re: mraa permissions
              Intel Corporation
              This message was posted on behalf of Intel Corporation

              Thank you for the clarification that you’re using the latest image. We’ll investigate more on this case to see if we can find a way to use IOs without running as root.

              We appreciate your patience.

              -Sergio
               

              • 4. Re: mraa permissions
                Intel Corporation
                This message was posted on behalf of Intel Corporation

                Hi Peter-H,

                Thank you for your patience. After investigating about your case we found that one way to do it would be to grant root access to the desired user, so the user can access the required I/O. It may not be practical but it works.

                1. Login as root
                2. Add new user with adduser command, it will prompt to enter the new user name password
                    adduser <username>
                3. Use usermod command to add the user to the 'sudo' group
                    usermod -aG sudo <username>
                4. Give the new user sudo privileges with the 'visudo' command. You can do this by copying the line beginning with "root" and pasting it after, add the new user:
                    visudo
                    # User privilege specification
                    root        ALL=(ALL:ALL) ALL
                    <username>    ALL=(ALL:ALL) ALL
                5.Test sudo access on the new user account, it may prompt you for the username password:
                    su - <username>
                    sudo <command_to_run> <file_to_run>
                    i.e. sudo node screen.js

                Please give it a try and let us know if this works for you.

                -Sergio A
                 

                • 5. Re: mraa permissions
                  Peter-H

                  Well that's one way to run a program as root.

                  Another way it to specify User=root in the systemd service file.

                  The reason I would have preferred not to run as root was to add some security from criminals and myself so that if I accidentally try to delete / rather than /cache the user permissions will prevent the system from being broken by a single app.

                   

                  I did manage to run the programs i2cset/i2cget without root but belonging to the i2c or input group(can't recall which). I guess those programs works with a specific device having matching group permissions.

                  If anyone finds similar setup with group permissions to the devices used by mraa it would be useful.