Closed mkaivs closed 1 year ago
I tried sudo chmod 666 /dev/apci/pcie_idio_24_0 and I can access the file without the need to use sudo now. However, after I reboot the machine, the file permission is reset to 600. Is there a way to modify the driver so that by default the character device doesn't require sudo to use?
@mkaivs
You need to log out and log back in for changes to group membership to take effect.
There are a few ways to do what you want. It's possible to modify the driver to create the device with other permissions, but this is considered extremely bad practice. I think what you are going to want is to use udev to set things up the way you want.
@jdolanIV
Thanks for the advice. I'm aware that setting the permission to 666 is bad practice; it's just to get something working first before I get to a better solution. I appreciate that the driver is designed with good practice in mind. I originally wanted to do what you suggest with the link, which is to create a group, add my user to that group and give the group permission to access the file. After logout and login again, I don't need sudo anymore.
However, after reboot, I will have to change the ownership & permission of the character file again. I think it makes sense that the character device is created with root:group instead of root:root and 660 instead of 600 access permission. If the character device is created with root:group and permission is set to 660, to grant a user permission to access the device without sudo, I just need to add the user to that group and that will persist after reboot.
For example:
crw-rw---- 1 root dialout 4, 64 Jan 11 12:38 ttyS0
crw-rw---- 1 root dialout 4, 65 Jan 11 12:38 ttyS1
crw-rw---- 1 root dialout 4, 74 Jan 11 12:38 ttyS10
crw-rw---- 1 root dialout 4, 75 Jan 11 12:38 ttyS11
I used to use a driver, and that driver creates a character device with root:dialout and permission is 660, so I only need to add my user to the dialout group once to remove the need to use sudo. I think doing that is still secure because adding a user to a group still needs sudo; I just don't have to do the same thing every single time I reboot the machine, just a one-time setup.
Would you consider showing me how to update the driver to create the device character file with root:groupname ownership and 660 permission?
You can use udev to change the group as well as the owner.
https://www.thegeekdiary.com/how-to-configure-device-file-owner-group-with-udev-rules/
Somewhere in one of our modules I thought we had an "#ifdef" that allowed for what you are looking for, but I'm having trouble finding it right now. I'll do a better job of looking this evening when I'm on the clock. Or maybe @JHentges will chime in because he's the one that originally found it.
Hello, John here.
There's a line in apci_common.h you can set to change the default permissions:
permissions on creation
It gets used in the apci_dev.c file in the apci_devnode() function.
I don't know how to change the driver so it is root:group, but maybe Jay does.
On 1/11/2023 1:12 PM, jdolanIV wrote:
You can use udev to change the group as well as the owner.
https://www.thegeekdiary.com/how-to-configure-device-file-owner-group-with-udev-rules/
Somewhere in one of our modules I thought we had an "#ifdef" that allowed for what you are looking for, but I'm having trouble finding it right now. I'll do a better job of looking this evening when I'm on the clock. Or maybe @JHentges https://github.com/JHentges will chime in because he's the one that originally found it.
@jdolanIV @JHentges
Thank you for your advice, I can use udev for the setting that I want.
I don't want to give my user application sudo privilege so I need to read and write to the device file without the need to use sudo. I have tried the following:
apci
apci group
root:root to root:apci for both /dev/apci and /dev/apci/pcie_idio_24_0
/dev/apci/pcie_idio_24_0 from 600 to 660

Output of ls -la /dev/apci

/dev/apci now has the same permission but belongs to a new group (apci instead of root)
pcie_idio_24_0 now has new permission (660 instead of 600) and belongs to a new group (apci instead of root)

Using getent group | grep apci I also verify that the user I log in as is part of apci group.

But I still need sudo in order to open /dev/apci/pcie_idio_24_0. How do I remove the need to use sudo?
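
The permission checks discussed in this thread, as an added example that is not part of the original posts or of the APCI driver: it evaluates the mode bits of every path component against the groups held by the current process (`id -G`), which can lag behind the group database that `getent group` reads until a new login. The function names are hypothetical and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added example, not APCI project code. Classic mode bits only: ACLs,
# capabilities and LSM policy are not evaluated. Function names are hypothetical.

# can_access MODE OWNER_UID OWNER_GID UID "GIDS" NEED
# MODE is octal as stat prints it (660); NEED is 6 for read+write on the
# node or 1 for search on a parent directory. One class applies: owner if
# the uid matches, else group if any held gid matches, else other.
can_access() {
    _perms=$((0$1)); _bits=$(( _perms & 7 ))
    if [ "$4" -eq 0 ]; then return 0; fi      # root bypasses mode bits
    if [ "$4" -eq "$2" ]; then
        _bits=$(( (_perms >> 6) & 7 ))
    else
        for _g in $5; do
            if [ "$_g" -eq "$3" ]; then _bits=$(( (_perms >> 3) & 7 )); break; fi
        done
    fi
    [ $(( _bits & $6 )) -eq "$6" ]
}

# pending_groups: gids the account database grants this user that the
# current process does not hold (membership added, no new login yet).
pending_groups() {
    _have=" $(id -G) "
    for _g in $(id -G "$(id -un)"); do
        case $_have in *" $_g "*) ;; *) echo "$_g" ;; esac
    done
}

# explain_path ABSOLUTE_PATH: one verdict per component for this process.
# Uses GNU stat; returns 1 if any component is denied, 2 if stat fails.
explain_path() {
    _target=$1; _cur=""; _rc=0
    _old=$IFS; IFS=/; set -- $_target; IFS=$_old
    for _part in "$@"; do                     # list is expanded once, here
        [ -n "$_part" ] || continue
        _cur="$_cur/$_part"
        if [ "$_cur" = "$_target" ]; then _need=6; else _need=1; fi
        _st=$(stat -L -c '%a %u %g' "$_cur") || return 2
        set -- $_st                           # $1=mode $2=uid $3=gid
        _v=ok
        can_access "$1" "$2" "$3" "$(id -u)" "$(id -G)" "$_need" || { _v=DENIED; _rc=1; }
        printf '%-6s %4s %s:%s %s\n' "$_v" "$1" "$2" "$3" "$_cur"
    done
    return "$_rc"
}

if [ $# -gt 0 ]; then explain_path "$1"; echo "pending gids: $(pending_groups | tr '\n' ' ')"; fi
```

Run it as the unprivileged user with the device path as its argument; a gid listed under "pending gids" is one the session has not picked up yet.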