User talk:D3rdon

From ArchWiki
Jump to: navigation, search

Ad: Arduino#avrdude_Permission_denied_error

Hello. Thanks for your help with the Wiki!

I’ve just updated Arduino#avrdude_Permission_denied_error. There are two issues here:

  1. (I’ve fixed this one already myself) Don’t use setuid, use sudo. Setting setuid allows anyone on the system to execute a program with root permissions. Don’t do this until really necessary, and only if you’re sure that the program has really been designed to work with root permisions. In nearly all cases sudo is the way to do this, as it at least provides control over who can execute the program, and also the calls are logged into the journal.
  2. (For this one your assistance is needed) Better yet, don’t run things as root until needed. I’m pretty sure the issue arises from setting wrong permissions for /dev/ttyACM0. Set the right permissions, and don’t try to circumvent the problem by blindly executing commands as root. More precisely, the user that executes avrdude should be in a group that owns /dev/ttyACM0 and the group should have rw access to the file. Since by default the group is root, one can use udev rules to change that. This is a part of the line from my udev rules that I was successfully used some time ago for setting the group to “users” and assigning proper permissions for an Arduino controlling my RepRap:
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="2341", ATTRS{idProduct}=="0042", ATTRS{serial}=="--serial-of-device--", GROUP="users", MODE="0660"
    Try to dig around that, and — if it works — fix the entry on Wiki. If it doesn’t then as a last resort you can write to chmod o+rw /dev/ttyACM0. But don’t advise to just run software as root or, even worse, make software runnable as root to anyone.

I’m pointing this out also because you may be unaware that you’ve created a security hole in your own system.

--Mpan (talk) 20:30, 12 April 2016 (UTC)

Well i tried to set my udev rules: SUBSYSTEM=="usb", ATTRS{idVendor}=="2341", ATTRS{idProduct}=="8036", GROUP="users", MODE="0666" and also made the necessary sudo chmod o+rw /dev/ttyACM0, but it still fails and the only thing i could do would be to start arduino with sudo rights, or give avrdude sudo permissions, which is for me more convenient, because every file saved by arduino is user editable and i dont need sudo rights to make a small change. Even though it is a huge security risk. Would love to see a better solution.

Your udev rule is misspelled. Should be SUBSYSTEMS, not SUBSYSTEM. SUBSYSTEM applies only to the deepest node of the path, and there you don’t have required attributes. SUBSYSTEMS applies to other nodes, including those of interest.
However, the udev rule is only a convenient way to avoid repetetive task of changing permissions every time one connects their device. The actual thing is setting the permissions. And this must work — there is nothing in avrdude I can think of that would require it to have access to anything else than the device file itself, and the permissions guarantee that the program has that access. What does strace tells on the subject? (if you want to provide the log, use pb or another paste service, don’t post the output here; remember to remove private information). --Mpan (talk) 08:43, 13 April 2016 (UTC)
In case of problems, I’m idling at #archlinux@freenode. You may always pm me. Today I’ll be generally AFK, but should be back at night UTC, and certainly you may expect me tommorow afternoon–night UTC. --Mpan (talk) 08:48, 13 April 2016 (UTC)


However, the udev rule is only a convenient way to avoid repetetive task of changing permissions every time one connects their device. The actual thing is setting the permissions. And this must work — there is nothing in avrdude I can think of that would require it to have access to anything else than the device file itself, and the permissions guarantee that the program has that access. What does strace tells on the subject? (if you want to provide the log, use pb or another paste service, don’t post the output here; remember to remove private information). --Mpan (talk) 08:43, 13 April 2016 (UTC)


Well as it turns out i seem to have the same error as in this thread. Arch Forum and subscribed to it now. Maybe it could be added to the wiki with the mention of it beeing a big security risk?

The thread suggest exactly the same as I did: add a udev rule for Arduino. As the second approach, it telles to add oneself to the uucp group. Didn’t worked in OP’s case, because it seems they have forget to re-log after changing groups. The thread also mentions that Arduino may reconnect upon reset, resetting permissions, but the case is covered by both provided solutions.
Btw: why are you not signing your messages? And not using indentation? It’s pretty hard to realize what’s going on this page. --Mpan (talk) 05:40, 15 April 2016 (UTC)
Could you please confirm, that this is Arduino Leonardo? idProduct of the USB serial port suggests that, but it’s just a guess. Also: what exactly happens with the udev rule? Does it work? Doesn’t work at all? Fails in some specific circumstances? When, how exactly? --Mpan (talk) 02:04, 16 April 2016 (UTC)