Rakesh Pai Rakesh Pai - 6 months ago 30
Linux Question

Accessing the GPIO (of a raspberry pi) without ``sudo``

This question might not be specific to the raspberry pi, of course. Also, I'm relatively new to Linux.

I want to write a little library (in node.js, if that matters) to access the GPIO of the raspberry pi using the sysfs. However, accessing the sysfs requires sudo access, and that's bad for obvious reasons.

Quick2Wire seems to have a solution, but I want to understand it better and not just blindly use it. They've used C of course, but from what I understand, the code isn't complex, and probably can be pulled off with just bash, even if less elegantly. However, more than anything, I'm not sure why it works.

Any help will be great.

Edit: Thanks for the comments. It's clear I need to rephrase the question. Here goes:
How is it that once installed (as root), the app doesn't require any more root perms to use? How does adding someone to a group help in this case?

/sys/devices/virtual/gpio
isn't the location where the gpio sysfs is available, so what's the trickery with that? I'm really a n00b, so these questions might be n00b-ish, so please bear with me.

Answer

Rakesh, I've just been trying to figure out exactly the same thing, and I think I've solved it.

You don't need to understand much of the makefile at all. The important lines are the following, which are executed in bash when you run sudo make install

install: install-files
    groupadd -f --system gpio
    chgrp gpio $(DESTDIR)/bin/gpio-admin
    chmod u=rwxs,g=rx,o= $(DESTDIR)/bin/gpio-admin

groupadd -f --system gpio creates a system group called gpio. chgrp gpio $(DESTDIR)/bin/gpio-admin changes the group of the binary (which the C file gpio-admin.c was compiled to) to gpio. The owner of the binary is still root (since you're running make as root.) chmod u=rwxs,g=rx,o= $(DESTDIR)/bin/gpio-admin does two important things. Firstly, it lets a member of the gpio group run gpio-admin. Secondly, it sets the setuid bit on gpio-admin.

When you add yourself to the gpio group, you can run gpio-admin, without using sudo, but gpio admin will act like it is being run under sudo. This allows it to write to the /sys/class/gpio/export file. It also allows it to change the owner of the files /sys/class/gpio/gpio[pin number]/direction etc. that get created.

Even if you change the group of /sys/class/gpio/export to gpio, and set permissions to allow you to write to it

sudo chgrp gpio /sys/class/gpio/export /sys/class/gpio/unexport
sudo chmod g+rwx /sys/class/gpio/export /sys/class/gpio/unexport

you can export a pin without superuser powers

echo 22 > /sys/class/gpio/export

but the files /sys/class/gpio/gpio22/direction etc. will still be create with root as the owner and group, and you'll need to use sudo to change them. Also, ownership of the export and unexport files will revert to root after each reboot.