3

I have a panning web camera I built, (future robot arm). The camera pans via a web interface (cgi scripts and JS interface) which access an arduino. To enable sending of commands via the interface, I added www-data (web-server user group) to the dial-out group that the arduino depends on.

Ah, well, I realize this is not what I want to do, and in very insecure! What i want to do, is give www-data group users permission to one device, /dev/ttyACM0

how can I do that, and keep the apache user out of the dial-out group??

UPDATE: Distro: Debian 7.7

ILMostro_7
  • 3,309
j0h
  • 3,617
  • You forgot to mention which distro you're on. On most I've used in the past I'd use the udev-rules that trigger the creation of the device-node and have them assign group-ownerships as well as creating it. – tink Dec 09 '14 at 00:49

1 Answers1

1

You'll probably want to write a rule for udev. Assuming no changes to udev.conf, your rules file should be placed into /etc/udev/rules.d/; it may help you to crib from packages' rules which may be found in /lib/udev/rules.d/.

Writing good rules is a bit of an acquired art, but you could start with something simple if you have no other ttyACM* devices:

# Give web server read/write access to camera
KERNEL=="ttyACM?", ACTION=="add", \
   MODE:="0660", \
   GROUP:=www-data

You'll want to put the above into a file such as /etc/udev/rules.d/10-camera.rules - it must end in .rules; the two-digit numeric prefix helps get rules in the right sequence, and you might need to adjust it. The bit in between is, of course, just to help you recognise why you created it. :-)

Toby Speight
  • 8,678
  • 1
    You might also want to include external reference pointer, particularly useful for naming convention of the udev rules file and the device hierarchy. http://www.reactivated.net/writing_udev_rules.html is a great example of in-depth stuff for udev. – ILMostro_7 Jul 15 '15 at 17:57