Add a user to dialout group

dhoomakethu · February 21, 2018, 2:41pm

I am trying to add an existing user to dialout group but the operations are failing .

Here are the commands I have tried so -far

admin@localhost:~$ sudo adduser admin dialout
[sudo] password for admin:
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
	LANGUAGE = (unset),
	LC_ALL = "en_US.UTF-8",
	LC_CTYPE = "UTF-8",
	LANG = "C.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to a fallback locale ("C.UTF-8").
Adding user `admin' to group `dialout' ...
Adding user admin to group dialout
gpasswd: cannot lock /etc/group; try again later.
adduser: `/usr/bin/gpasswd -a admin dialout' returned error code 1. Exiting.

admin@localhost:~$ sudo usermod -a -G dialout admin
usermod: /etc/group.22816: Read-only file system
usermod: cannot lock /etc/group; try again later.

Is there a workaround to overcome this problem ?

ogra · February 21, 2018, 2:49pm

Why do you want to do this ? What is the goal you try to achieve ?

dhoomakethu · February 21, 2018, 3:08pm

I would like to access USB ports on the device I am working with, which
belongs to dialout group. I have no control on what devices are going to
be connected on to these ports.

ಅವರು ಬರೆದಿದ್ದಾರೆ:

ogra · February 21, 2018, 3:30pm

Take a look at the raw-usb or serial interfaces then, groups are rather shallow on Ubuntu Core atm.

If you use the correct interfaces in your snap app, snapd will take care to allow you access via udev-acl to these specific devices typically …

dhoomakethu · February 21, 2018, 3:47pm

Thanks @ogra for the suggestion, I have tried both of them with out any success.

ogra · February 21, 2018, 3:48pm

what are the actual errors you get ? (are there denials in syslog/journalctl ?)

dhoomakethu · February 21, 2018, 3:50pm

Here are the logs.

 [ 6697.500323] audit: type=1400 audit(1519206675.199:451): apparmor="DENIED" operation="open"     profile="snap.mysnap.beser" name="/dev/ttyUSB0" pid=19197 comm="python2" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
    [ 8298.991253] audit: type=1400 audit(1519208274.109:1020): apparmor="DENIED" operation="open" profile="snap.mysnap.beser" name="/dev/ttyUSB0" pid=13541 comm="python2" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
    [12164.851585] audit: type=1400 audit(1519212133.758:1443): apparmor="DENIED" operation="open" profile="snap.mysnap.beser" name="/dev/ttyUSB0" pid=16947 comm="python2" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0

ogra · February 21, 2018, 3:51pm

and your interfaces are connected (and properly defined in the gadget) ?

jdstrand · February 21, 2018, 3:52pm

@dhoomakethu - with the proper interfaces connected, you should be able to use the devices under sudo.

@ogra - I’m guessing @dhoomakethu is trying to avoid needing to use sudo to access the devices.

@dhoomakethu - you are probably interested in the ‘Device access’ use case of this topic: Multiple users and groups in snaps

dhoomakethu · February 21, 2018, 3:56pm

@ogra Yes, they are defined in the gadget. I could access the devices connected to serial ports with out any issues after adding them to the gadget but the USB is still no accessbile. @jdstrand , I am running the app as a system daemon and I use sudo whenever I need to use the app as standalone. I will through the article you have shared. Thanks

dhoomakethu · February 21, 2018, 3:57pm

My problem specifically falls under this .

Unfortunately there are quite a few devices that are not covered either because there isn’t a uaccess rule for it (eg, a serial-port) or because the rules don’t apply for some reason (logging in via ssh and accessing /dev/video* or /dev/snd/* (seat rules don’t apply cause not local)).

dhoomakethu · February 21, 2018, 4:02pm

Would it be possible to add the user to a particular group with /var/lib/extrausers ?

ogra · February 21, 2018, 4:08pm

to add a user to a system group you need to append the username to the respecive group line in /etc/group … extrausers only helps with non-system groups, so no it would not help since /etc/groups is inside the core snap (readonly squashfs).

jdstrand · February 21, 2018, 4:11pm

Yes but that is only if you aren’t using sudo, but you said you are using sudo, and you have apparmor denials for the device access, so while that topic will be potentially interseting for you once you work out how to setup the gadget, etc, right now you need to get the interfaces setup right for your device (which is what @ogra is helping you with).

dhoomakethu · February 21, 2018, 4:13pm

Ok, coming back to gadget, should the path for usb slots mentioned in a particular pattern ? I have the path as /dev/ttyUSB0 and so on. I was going through this article and it was mentioned to follow /dev/serial-port-<whatever> pattern.

ogra · February 21, 2018, 4:39pm

Well, i’m not really sure why @kyrofa uses the named symlink there you can surely just use /dev/ttyUSB0 like:

slots:
  myserial1:
    interface: serial-port
    path: /dev/ttyUSB0
    usb-vendor: 0x1234
    usb-product: 0x5678

(there is also a way to match devices based on the usb serial but i have never used that)

kyrofa · February 21, 2018, 5:13pm

@ogra because of this. If that logic has changed, no one said anything to me about it. The bug is still open, too.

ogra · February 21, 2018, 5:18pm

hmm, why doesnt the same pattern-matching apply if i plainly use the serial-port interface as is ? weird … (i can definitely use /dev/ttyS0 (without vendor and product) on a normal serial port)

dhoomakethu · February 27, 2018, 8:46am

@kyrofa is correct , using /dev/ttyUSB* does not work.

2018-02-27T07:37:13Z INFO snap "pc" has bad plugs or slots: usb0, usb1, usb2, usb3 (serial-port path attribute specifies invalid symlink location)

Anyhow the original question still is open (how to add user to dialout group)

I found this being suggested in another forum topic.