Give group permissions to specific device

devicesgrouppermissionsudevwebserver

I have a panning web camera I built, (future robot arm).
The camera pans via a web interface (cgi scripts and JS interface)
which access an arduino. To enable sending of commands via the interface,
I added www-data (web-server user group) to the dial-out group that the arduino depends on.

Ah, well, I realize this is not what I want to do, and in very insecure!
What i want to do, is give www-data group users permission to one device,
/dev/ttyACM0

how can I do that, and keep the apache user out of the dial-out group??

UPDATE:
Distro: Debian 7.7

Best Answer

You'll probably want to write a rule for udev. Assuming no changes to udev.conf, your rules file should be placed into /etc/udev/rules.d/; it may help you to crib from packages' rules which may be found in /lib/udev/rules.d/.

Writing good rules is a bit of an acquired art, but you could start with something simple if you have no other ttyACM* devices:

# Give web server read/write access to camera
KERNEL=="ttyACM?", ACTION=="add", \
   MODE:="0660", \
   GROUP:=www-data

You'll want to put the above into a file such as /etc/udev/rules.d/10-camera.rules - it must end in .rules; the two-digit numeric prefix helps get rules in the right sequence, and you might need to adjust it. The bit in between is, of course, just to help you recognise why you created it. :-)

Related Question