 |
 |
 |
| lg lgpio C lgpio Python Daemon rgpio C rgpio Python rgs Download Examples FAQ Site Map | PermissionsDaemon Access ControlThe rpgpio daemon operates in two modes - with or without access control.The default setting is without access control and the permissions system does not apply (so the rest of this section may be ignored). If the rgpiod daemon is started with the -x option it implements an access control permissions system to its functions. There are three parts to the permissions system.
The daemon client "logs in" to the daemon by choosing a user name. If the client and daemon copies of the password for the user match the user is "logged in". The client program is then authorised to carry out any functions permitted to the user as specified in the permits file. User secret fileThe user .lg_secret file contains a list of user names with an associated password.These passwords have no relationship to the passwords used by Linux and should not be the same. The format is user=password. An example .lg_secret file. # user secrets fileThe file should be readable/writable by the owner only. chmod 600 .lg_secret Daemon secret fileThe daemon .lg_secret file contains a list of user names with an associated password.These passwords have no relationship to the passwords used by Linux and should not be the same. The format is user=password. An example daemon .lg_secret file. # rgpiod secrets fileThe file should be readable/writable by the owner only. chmod 600 .lg_secret Daemon permits fileThe permits file can contain the following sections. If a section is absent it means that access to those features is forbidden.[debug][debug]Each entry in this section takes one of the following forms: user=y or user=n.If the form user=y is used that user is allowed to use the debug commands. If the form user=n is used, or there is no entry for the user, that user is not allowed to use the debug command. If the [debug] section is not present no user is allowed to use the debug commands. The debug commands are set and get sbc internals and reload configuration. [files]Each entry in this section takes the form user=path x where path indicates a file path and x refers to a permission. E.g. /home/peter/data.txt r refers to Linux file/home/peter/data.txt and read permission.There may be more than one path entry per user, each must be separated by a : character. path may contain the wild card characters * (matches any characters) or ? (matches a single character). If the path entry starts with / it is relative to root (/) otherwise it is relative to the daemons's working directory. The permission may be R for read, W for write, U for read/write, and N for no access. If a directory allows read/write access then files may be created in that directory. Where more than one entry matches a file the most specific rule applies. If no entry matches a file then access is denied. Example joan=/tmp/* u:* n:TEST/* r:TEST/TEST/* uUser joan may create, read, and write files in the /tmp directory (/tmp/* u). User joan has no access to files in the working directory (* n). Overridden by user joan has read permission for files in the TEST directory of the working directory (TEST/* r). Overridden by user joan may create, read, and write files in the TEST/TEST directory of the working directory (TEST/TEST* u). [gpio]Each entry in this section takes the form user=x.y where x indicates a gpiochip device and y indicates a GPIO. E.g. 1.2 refers to Linux device /dev/gpiochip1 GPIO 2.There may be more than one x.y entry per user, each must be separated by a : character. Both x and y may have the following forms. * all gpiochips or all GPIO. n a single gpiochip or GPIO. n,n a list of gpiochips or GPIO. n-n a range of gpiochips or GPIO. Example fred=0.2-27 # user fred can access gpiochip 0 GPIO 2-27.[i2c]Each entry in this section takes the form user=x.y where x indicates an I2C bus and y indicates a device on the bus. E.g. 1.27 refers to Linux device /dev/i2c-1 device 27.There may be more than one x.y entry per user, each must be separated by a : character. Both x and y may have the following forms. * all I2C buses or all devices. n a single I2C bus or device. n,n a list of I2C buses or devices. n-n a range of I2C buses or devices. Example fred=0.3-127 # user fred can access I2C bus 0 devices 3-127.[notify]Each entry in this section takes one of the following forms: user=y or user=n.If the form user=y is used that user is allowed to use the notify commands. If the form user=n is used, or there is no entry for the user, that user is not allowed to use the notifiy commands. If the [notify] section is not present no user is allowed to use the notify commands. [scripts]Each entry in this section takes one of the following forms: user=y or user=n.If the form user=y is used that user is allowed to use the script commands. If the form user=n is used, or there is no entry for the user, that user is not allowed to use the script command. If the [debug] section is not present no user is allowed to use the script commands. [serial]Each entry in this section takes the form user=device where device indicates a serial device. E.g. serial0 refers to Linux device /dev/serial0There may be more than one device entry per user, each must be separated by a : character. device may contain the wild card characters * (matches any characters) or ? (matches a single character). Example fred=serial0 # user fred can access /dev/serial0.[shell]Each entry in this section takes one of the following forms: user=y or user=n.If the form user=y is used that user is allowed to use the shell commands. If the form user=n is used, or there is no entry for the user, that user is not allowed to use the shell commands. If the [shell] section is not present no user is allowed to use the shell commands. [spi]Each entry in this section takes the form user=x.y where x indicates a SPI bus and y indicates a slave select. E.g. 1.2 refers to Linux device /dev/spidev1.2There may be more than one x.y entry per user, each must be separated by a : character. Both x and y may have the following forms. * all SPI buses or all slaves. n a single SPI bus or slave. n,n a list of SPI buses or slaves. n-n a range of SPI buses or slaves. Example fred=0.0-2 # user fred can access SPI bus 0 slaves 0-2.Example permits file# rgpiod test file for user access |
[lg]
[lgpio C]
[lgpio Python]
[Daemon]
[rgpio C]
[rgpio Python]
[rgs]
[Download]
[Examples]
[FAQ]
[Site Map]
© 2020-2021 |
(2021-01-16 21:12) |