Avoid requiring use of root for gpiod; use a group with appropriate udev rules

[dhalbert]

libgpiod requires significant privileges to use. The common way to enable this is to run as root. This causes people to install blinka, its dependencies, other libraries with sudo pip3 install, which can change the versions for packages that system-required packages depend on and possibly break functionality.

Ideally I would like to see sudo pip3 install be disrecommended uniformly.

It's possible instead to create a gpio or gpiod user group and add privileges using udev rules. Some links: https://www.udoo.org/forum/threads/gpio-permissions-for-libgpiod-sudo-or-not.32453/ https://forum.pine64.org/showthread.php?tid=2233 https://askubuntu.com/questions/1230947/gpio-for-raspberry-pi-gpio-group https://raspberrypi.stackexchange.com/questions/40105/access-gpio-pins-without-root-no-access-to-dev-mem-try-running-as-root/40106

[makermelissa]

I've been experimenting with this using the BeagleV StarLight since I'm using libgpiod and was able to successfully get this to work. Here's a the commands I ran (user is riscv), but I think this could be tuned better to be more board specific:

sudo groupadd gpiod
sudo usermod -G gpiod riscv
sudo echo '# udev rules for gpio port access through libgpiod
SUBSYSTEM=="gpio", KERNEL=="gpiochip0", GROUP="gpiod", MODE="0660"' > /etc/udev/rules.d/60-gpiod.rules
sudo reboot

[makermelissa]

We also need to set up a similar thing for spidev, otherwise permission denied can occur.

[pdp7]

@makermelissa thanks, this looks very useful. For BeagleV Starlight, please let me know what you'd like to see in the Fedora image and I can ask @tekkamanninja to add it in the next image. I can also coordinate with the Debian people, etc.

For BeagleBone/PocketBeagle, @robertcnelson is very helpful if their something that would be helpful to change in our @beagleboard Debian images.

[anguselheimStudios]

Using my Libre Computer "Le Potato" with Ubuntu 22.04 the solution is to add yourself to the dialout group.

sudo usermod -a -G dialout username

replace username with... well...

Don't leave out the -a or you will remove yourself from the sudoers group. No more fun for you.

It is different in Raspbian I believe. I don't know and I'm ashamed to admit, but it's mostly because I hate toy-story. It gave me migraines as a child.

[makermelissa]

@anguselheimStudios thanks for adding the info.

It is different in Raspbian I believe. I don't know and I'm ashamed to admit, but it's mostly because I hate toy-story. It gave me migraines as a child.

For Raspberry Pi OS, it just works (with the exception of using neopixels). This issue was more about other boards like those running Armbian where by default it won't work without sudo. Also, I think it's the Debian releases (which both Raspbian/Raspberry Pi OS and Armbian are based on) that have the toy story names.

I think I could figure this out for SPI and I2C (perhaps others). It's just a matter of putting some time into the issue.

[Gadgetoid]

Just did this on a ROCK5B running Armbian 23.8.3 bookworm (thanks for the info @makermelissa) using:

SUBSYSTEM=="gpio", KERNEL=="gpiochip*", GROUP="gpio", MODE="0660"