Access GPIO (/sys/class/gpio) as non-root

Question

The /sys/class/gpio can only be accessed as root by default. So I like that a new group gpio can use the files and directories under /sys/class/gpio. To achieve that I added the following lines to /etc/rc.local (I'm on Debian):

sudo chown root:gpio /sys/class/gpio/unexport /sys/class/gpio/export
sudo chmod 220 /sys/class/gpio/unexport /sys/class/gpio/export

So this gives write permissions to all the gpio group members. So they can now export and unexport pins fine.

The problem is they can't read/write the specific pin files after export (e.x. /sys/class/gpio/gpio17) beacause those are owned by root:root again.

How can I change that they are created by default as root:gpio too? I mean I can do that manually each time I export a pin. But that's a bit uncomfy.

UPDATE

According to larsks' answer I created the missing rule file. Now it partially works:

-rwxrwx---  1 root gpio 4096 Jun 19 16:48 export
lrwxrwxrwx  1 root gpio    0 Jun 19 16:51 gpio17 -> ../../devices/soc/3f200000.gpio/gpio/gpio17
lrwxrwxrwx  1 root gpio    0 Jun 19 16:45 gpiochip0 -> ../../devices/soc/3f200000.gpio/gpio/gpiochip0
-rwxrwx---  1 root gpio 4096 Jun 19 16:45 unexport

But for the ./gpio17/ I still get root:root:

-rw-r--r-- 1 root root 4096 Jun 19 16:52 active_low
lrwxrwxrwx 1 root root    0 Jun 19 16:52 device -> ../../../3f200000.gpio
-rw-r--r-- 1 root root 4096 Jun 19 16:52 direction
-rw-r--r-- 1 root root 4096 Jun 19 16:52 edge
drwxr-xr-x 2 root root    0 Jun 19 16:52 power
lrwxrwxrwx 1 root root    0 Jun 19 16:52 subsystem -> ../../../../../class/gpio
-rw-r--r-- 1 root root 4096 Jun 19 16:52 uevent
-rw-r--r-- 1 root root 4096 Jun 19 16:52 value

UPDATE 2

Okay I solved the problem. Because I installed Raspbian over the RaspbianInstaller I never went through the raspi-config tool. This seems to be a problem. Because I was also missing the /sys/device/virtual/gpio/ folder.

I followed this guide here: https://community.element14.com/products/raspberry-pi/f/forum/26425/piface-digital-2---setup-and-use#139528

And afterwards the permissions were correct (even for the pin-folders and their files value, direction, ...).

Answer 1

You can do this using udev rules, which can define actions to execute when the kernel instantiates new devices. Current versions of the Raspbian distribution for Raspberry Pi devices contain the following in /etc/udev/rules.d/99-com.rules:

SUBSYSTEM=="gpio*", PROGRAM="/bin/sh -c 'chown -R root:gpio /sys/class/gpio && chmod -R 770 /sys/class/gpio; chown -R root:gpio /sys/devices/virtual/gpio && chmod -R 770 /sys/devices/virtual/gpio'"

This ensures that entries under /sys/class/gpio are always available to members of the gpio group:

# ls -lL /sys/class/gpio/
total 0
-rwxrwx--- 1 root gpio 4096 May  6 23:36 export
drwxrwx--- 2 root gpio    0 Jan  1  1970 gpiochip0
-rwxrwx--- 1 root gpio 4096 May  6 23:37 unexport
# echo 11 > /sys/class/gpio/export 
# ls -lL /sys/class/gpio/
total 0
-rwxrwx--- 1 root gpio 4096 May  6 23:37 export
drwxrwx--- 2 root gpio    0 May  6 23:37 gpio11
drwxrwx--- 2 root gpio    0 Jan  1  1970 gpiochip0
-rwxrwx--- 1 root gpio 4096 May  6 23:37 unexport

Update

Permissions are correct for individual pins as well:

# ls -Ll /sys/class/gpio/gpio11/
total 0
-rwxrwx--- 1 root gpio 4096 May  6 23:37 active_low
drwxr-xr-x 3 root root    0 May  6 23:36 device
-rwxrwx--- 1 root gpio 4096 May  6 23:37 direction
-rwxrwx--- 1 root gpio 4096 May  6 23:37 edge
drwxrwx--- 2 root gpio    0 May  6 23:37 subsystem
-rwxrwx--- 1 root gpio 4096 May  6 23:37 uevent
-rwxrwx--- 1 root gpio 4096 May  6 23:37 value

Answer 2

Check the groups you belong to:

userk@dopamine $: groups
userk sudo dialout

If you belong to dialout the following, if not, comment.

userk@dopamine $: ls -l /dev/gpiomem 
crw------- root root /dev/gpiomem

This file mirrors the memory associated with the GPIO device. The output of the command means that the owner of the file is the root user and the group that "owns" it is the root group. The 10 characters represent the file type and the permissions associated with it. The current configuration allows the owner of the file to read and write to the file.

You want to be able to read and write that file if you want to control the gpios.

One option would be to modify the group owner and make it match with the one you belong to (dialout in my case) and set the permissions in order to allow all users of that group to read and write the file.

Long story short:

userk@dopamine $: sudo chown root:dialout /dev/gpiomem
userk@dopamine $: sudo chmod 660 /dev/gpiomem

Wait! This setting won't be persistent and will vanish after reboot.

See this post for further info about the topic

Answer 3

For Ubuntu run.

sudo apt install rpi.gpio-common

Answer 4

More common rule for 4.x kernels will be the following

SUBSYSTEM=="gpio*", PROGRAM="/bin/sh -c 'find -L /sys/class/gpio/ -maxdepth 2 -exec chown root:gpio {} \; -exec chmod 770 {} \; || true'"

The rule in the initial answer will fail to chown the exported gpio if there's a symbolic link in the path

UPD please beg in mind that when you export some GPIO via sysfs, you should wait for udev rule to fire and complete before you get desired access rights. The thing that worked for me was sleep about 100ms before trying to access GPIO files.

Answer 5

Expanding on the answer by @roman-savrulin, here's a simpler version.

There's no need to run the rule on REMOVE events, only ADD events. There's also no need to run 'find' as the udev environment will supply the exact path of the sysfs directory containing the new GPIO pin's files. You can also use 'chgrp' to change only the owning group, and symbolic modes in 'chmod' to only add the group-write permission bit.

You'll still have to wait for the completion of the rule processing before trying to open the pin's files, but the process should complete more quickly with a simpler rule which only touches the minimum number of files necessary.

SUBSYSTEM=="gpio*", ACTION=="add", PROGRAM="/bin/sh -c 'chgrp -R gpio /sys/${DEVPATH} && chmod -R g+w /sys/${DEVPATH}'"