Question
I have a program that reads a device from /dev/i2c-1. This software is called pa_access and here is an example run:
https://stackoverflow.com/questions/21634745
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianubuntu@arm:~$ sudo ./pa_access
Input [0]: 0
Input [1]: 0
Input [2]: 0
Input [3]: 0
Input [4]: 0
Input [5]: 0
Input [6]: 0
Input [7]: 0
Input [8]: 0
Input [9]: 0
Input [10]: 0
Input [11]: 0
Input [12]: 0
Input [13]: 0
Input [14]: 0
Input [15]: 0
Input [16]: 0
Input [17]: 0
Input [18]: 0
Input [19]: 0
Input [20]: 0
Input [21]: 0
Input [22]: 0
Input [23]: 0
Input [24]: 0
Input [25]: 0
Input [26]: 1
Input [27]: 0
Input [28]: 0
Input [29]: 0
As you can see, this software reads a set of hardware inputs, and then, prints out the inputs states. For this reason, the program must be executed using sudo.
The problem occurs when a user is specified by the "-u" option, e.g.:
ubuntu@arm:~$ sudo -u www-data ./pa_access
Error setting comunication with PA board on /dev/i2c-1.
Input [0]: 0
Input [1]: 224
Input [2]: 252
Input [3]: 182
Input [4]: 169
Input [5]: 138
Input [6]: 0
Input [7]: 0
Input [8]: 79
Input [9]: 146
Input [10]: 0
Input [11]: 0
Input [12]: 188
Input [13]: 187
Input [14]: 246
Input [15]: 182
Input [16]: 33
Input [17]: 146
Input [18]: 0
Input [19]: 0
Input [20]: 0
Input [21]: 0
Input [22]: 0
Input [23]: 0
Input [24]: 0
Input [25]: 160
Input [26]: 246
Input [27]: 182
Input [28]: 0
Input [29]: 0
The program displays an error message because it does not have permission to access the device file (is the same error that occurs when running without sudo).
The same error appears if try with the logged user:
ubuntu@arm:~$ sudo -u ubuntu ./pa_access
Error setting comunication with PA board on /dev/i2c-1.
Input [0]: 0
Input [1]: 224
Input [2]: 252
...
...
Input [26]: 246
Input [27]: 182
Input [28]: 0
Input [29]: 0
But passing root as parameter for -u, works fine.
Need to specify the user, since I want to run the program from a PHP script.
What's wrong? Any ideas? Thanks in advance.
Solution
When you run a command with sudo you are effectively changing the user to root. You need to be root to access the hardware.
From Wikipedia:
sudo...allows users to run programs with the security privileges of another user (normally the superuser, or root).
Edit: You should consider following the solution for this question. It suggests building a binary wrapper that can be executed in PHP and run the program with root privilege.
OTHER TIPS
Obviously, the program can only be run as root. www-data is very much not root, which is sort of the point. What you probably want to read up on is setuid.
