Access GPIO (/sys/class/gpio) as non-root

Question

The /sys/class/gpio can only be accessed as root by default. So I like that a new group gpio can use the files and directories under /sys/class/gpio. To achieve that I added the following lines to /etc/rc.local (I'm on Debian):

sudo chown root:gpio /sys/class/gpio/unexport /sys/class/gpio/export
sudo chmod 220 /sys/class/gpio/unexport /sys/class/gpio/export

So this gives write permissions to all the gpio group members. So they can now export and unexport pins fine.

The problem is they can't read/write the specific pin files after export (e.x. /sys/class/gpio/gpio17) beacause those are owned by root:root again.

How can I change that they are created by default as root:gpio too? I mean I can do that manually each time I export a pin. But that's a bit uncomfy.

UPDATE

According to larsks' answer I created the missing rule file. Now it partially works:

-rwxrwx---  1 root gpio 4096 Jun 19 16:48 export
lrwxrwxrwx  1 root gpio    0 Jun 19 16:51 gpio17 -> ../../devices/soc/3f200000.gpio/gpio/gpio17
lrwxrwxrwx  1 root gpio    0 Jun 19 16:45 gpiochip0 -> ../../devices/soc/3f200000.gpio/gpio/gpiochip0
-rwxrwx---  1 root gpio 4096 Jun 19 16:45 unexport

But for the ./gpio17/ I still get root:root:

-rw-r--r-- 1 root root 4096 Jun 19 16:52 active_low
lrwxrwxrwx 1 root root    0 Jun 19 16:52 device -> ../../../3f200000.gpio
-rw-r--r-- 1 root root 4096 Jun 19 16:52 direction
-rw-r--r-- 1 root root 4096 Jun 19 16:52 edge
drwxr-xr-x 2 root root    0 Jun 19 16:52 power
lrwxrwxrwx 1 root root    0 Jun 19 16:52 subsystem -> ../../../../../class/gpio
-rw-r--r-- 1 root root 4096 Jun 19 16:52 uevent
-rw-r--r-- 1 root root 4096 Jun 19 16:52 value

UPDATE 2

Okay I solved the problem. Because I installed Raspbian over the RaspbianInstaller I never went through the raspi-config tool. This seems to be a problem. Because I was also missing the /sys/device/virtual/gpio/ folder.

I followed this guide here: https://community.element14.com/products/raspberry-pi/f/forum/26425/piface-digital-2---setup-and-use#139528

And afterwards the permissions were correct (even for the pin-folders and their files value, direction, ...).

Roman Savrulin · Answer 1 · 2018-06-04T19:19:52.437

18

More common rule for 4.x kernels will be the following

SUBSYSTEM=="gpio*", PROGRAM="/bin/sh -c 'find -L /sys/class/gpio/ -maxdepth 2 -exec chown root:gpio {} \; -exec chmod 770 {} \; || true'"

The rule in the initial answer will fail to chown the exported gpio if there's a symbolic link in the path

UPD please beg in mind that when you export some GPIO via sysfs, you should wait for udev rule to fire and complete before you get desired access rights. The thing that worked for me was sleep about 100ms before trying to access GPIO files.

edited Jun 04 '18 at 19:19

answered Jun 01 '18 at 20:09

Roman Savrulin

183
1
6

1

This should be preferred over the above answers for newer Kernels. – Pascal Nov 06 '18 at 22:14
This worked! with kernel 4.15 on an ubuntu 18.04 distro (not raspbian) which has no raspi-config nor this udev rule. With this distro one needs to make gpio group and add your user to it. https://www.finnie.org/software/raspberrypi/ubuntu-rpi3/ – DKebler Mar 13 '19 at 21:44
do you know how to do this with gernel 5.x ?? I seems not to worke like this with a newer kernel – Richy1989 Nov 05 '20 at 21:17

larsks · Accepted Answer · 2015-06-19T15:23:57.347

11

You can do this using udev rules, which can define actions to execute when the kernel instantiates new devices. Current versions of the Raspbian distribution for Raspberry Pi devices contain the following in /etc/udev/rules.d/99-com.rules:

SUBSYSTEM=="gpio*", PROGRAM="/bin/sh -c 'chown -R root:gpio /sys/class/gpio && chmod -R 770 /sys/class/gpio; chown -R root:gpio /sys/devices/virtual/gpio && chmod -R 770 /sys/devices/virtual/gpio'"

This ensures that entries under /sys/class/gpio are always available to members of the gpio group:

# ls -lL /sys/class/gpio/
total 0
-rwxrwx--- 1 root gpio 4096 May  6 23:36 export
drwxrwx--- 2 root gpio    0 Jan  1  1970 gpiochip0
-rwxrwx--- 1 root gpio 4096 May  6 23:37 unexport
# echo 11 > /sys/class/gpio/export 
# ls -lL /sys/class/gpio/
total 0
-rwxrwx--- 1 root gpio 4096 May  6 23:37 export
drwxrwx--- 2 root gpio    0 May  6 23:37 gpio11
drwxrwx--- 2 root gpio    0 Jan  1  1970 gpiochip0
-rwxrwx--- 1 root gpio 4096 May  6 23:37 unexport

Update

Permissions are correct for individual pins as well:

# ls -Ll /sys/class/gpio/gpio11/
total 0
-rwxrwx--- 1 root gpio 4096 May  6 23:37 active_low
drwxr-xr-x 3 root root    0 May  6 23:36 device
-rwxrwx--- 1 root gpio 4096 May  6 23:37 direction
-rwxrwx--- 1 root gpio 4096 May  6 23:37 edge
drwxrwx--- 2 root gpio    0 May  6 23:37 subsystem
-rwxrwx--- 1 root gpio 4096 May  6 23:37 uevent
-rwxrwx--- 1 root gpio 4096 May  6 23:37 value

edited Jun 19 '15 at 15:23

answered Jun 19 '15 at 14:20

larsks

277,717
41
399
399

Thx for your answer. But then I can't write to `/sys/class/gpio/gpio11/value` for example. All files in `/sys/class/gpio/gpio11/` are still owned by `root:root` and not like `(un)export` by `root:gpio`. – TiMESPLiNTER Jun 19 '15 at 14:53
Of course you can. That udev rule performs recursive changes on `/sys/class/gpio`; I've updated the answer with what the contents of the `gpio11` directory look like. Did you try it and have it fail? – larsks Jun 19 '15 at 15:23
Yes I've tried it out. And for your updated `ls -Ll` I see `root:root` and not as you `root:gpio`. But it works for `/sys/class/gpio/*`. So exporting pins is now possible but not working with them afterwards. – TiMESPLiNTER Jun 19 '15 at 15:25
I'm not sure what you're looking at. The `value` file is clearly writeable by the `gpio` group. This totally works and I use it all the time for accessing GPIO pins as a non-root user. – larsks Jun 19 '15 at 15:26
3

Not for me. For me it says `root:root`. I installed raspbian 1 week ago and I didn't have had this rule file you mentioned so I created it myself. Is this maybe the problem? – TiMESPLiNTER Jun 19 '15 at 15:28
If you created it yourself just now you would need to at least reload the `udev` service, possibly [like this](http://unix.stackexchange.com/questions/39370/how-to-reload-udev-rules-without-reboot), or just reboot. I just picked up the Raspbian image this morning; it's dated 2015-05-05 and has that udev rule in place already. – larsks Jun 19 '15 at 15:30
I did a reboot. I updated my answer with my dir listings so you can see what I mean. – TiMESPLiNTER Jun 19 '15 at 15:31
As an addtion I'm also missing the whole `/sys/devices/virtual/gpio` directory. – TiMESPLiNTER Jun 19 '15 at 15:57
This worked perfectly for me. Note to other users, you'll have to reboot after applying the udev change. – Cerin Oct 18 '15 at 03:46
3

I am using a Raspberry PI 2 and have followed the instructions written by Raymond on element14 but, unlike the OP, permissions for exported gpio pins, i.e. `/sys/class/gpio/gpioXY/*` are still owned by `root:root` instead of `root:gpio`. I have no idea what to do next. – Dec 09 '15 at 16:29
1

@Nasha probably a bit late but I had the exact same issue. I missed to run `raspi-config` from the cli which sets the correct user and group for the files. – TiMESPLiNTER Aug 12 '16 at 07:22
On some platforms you may also have to briefly wait for the pins to be exported and udev rules to be applied. – Ryan Tennill Mar 12 '18 at 23:50

score 2 · Answer 3 · answered Apr 18 '20 at 16:28

Expanding on the answer by @roman-savrulin, here's a simpler version.

There's no need to run the rule on REMOVE events, only ADD events. There's also no need to run 'find' as the udev environment will supply the exact path of the sysfs directory containing the new GPIO pin's files. You can also use 'chgrp' to change only the owning group, and symbolic modes in 'chmod' to only add the group-write permission bit.

You'll still have to wait for the completion of the rule processing before trying to open the pin's files, but the process should complete more quickly with a simpler rule which only touches the minimum number of files necessary.

SUBSYSTEM=="gpio*", ACTION=="add", PROGRAM="/bin/sh -c 'chgrp -R gpio /sys/${DEVPATH} && chmod -R g+w /sys/${DEVPATH}'"

score 0 · Answer 4 · answered Sep 15 '20 at 21:56

Check the groups you belong to:

userk@dopamine $: groups
userk sudo dialout

If you belong to dialout the following, if not, comment.

userk@dopamine $: ls -l /dev/gpiomem 
crw------- root root /dev/gpiomem

This file mirrors the memory associated with the GPIO device. The output of the command means that the owner of the file is the root user and the group that "owns" it is the root group. The 10 characters represent the file type and the permissions associated with it. The current configuration allows the owner of the file to read and write to the file.

You want to be able to read and write that file if you want to control the gpios.

One option would be to modify the group owner and make it match with the one you belong to (dialout in my case) and set the permissions in order to allow all users of that group to read and write the file.

Long story short:

userk@dopamine $: sudo chown root:dialout /dev/gpiomem
userk@dopamine $: sudo chmod 660 /dev/gpiomem

Wait! This setting won't be persistent and will vanish after reboot.

See this post for further info about the topic

score 0 · Answer 5 · answered Jan 28 '21 at 10:50

0

For Ubuntu run.

sudo apt install rpi.gpio-common

answered Jan 28 '21 at 10:50

4xy

3,494
2
20
35

Access GPIO (/sys/class/gpio) as non-root

5 Answers5