Serial port permission denied after manual connect

I made a (nodejs) snap that uses a serial port, and am planning to use auto connect with hotplug.
For now, I test it with hotplug and a manual connection. That works fine on the machine I build the snap (ubuntu server 20.04 arm64), but not on the target system (ubuntu core 18 arm64). These are both running on a raspberry pi 4.

How I tested on ubuntu server:

  • build the snap
  • release the snap
  • install the snap from the store
  • sudo snap set system experimental.hotplug=true
  • plug in the usb stick
  • sudo snap connect my-snap:serial-port snapd:cp210xuartbridge
  • run my snap: works!

But on ubuntu core:

  • install the snap from the store
  • sudo snap set system experimental.hotplug=true
  • plug in the usb stick
  • sudo snap connect my-snap:serial-port snapd:cp2102cp2109uartbrid
  • run my snap: permission denied!

Some extra info:

$ snap interface serial-port
name:    serial-port
summary: allows accessing a specific serial port
plugs:
  - my-snap
slots:
  - pi:bt-serial
  - snapd:cp2102cp2109uartbrid
$ snap connections my-snap
Interface     Plug                         Slot                   Notes
network       my-snap:network       :network               -
network-bind  my-snap:network-bind  :network-bind          -
serial-port   my-snap:serial-port   :cp2102cp2109uartbrid  manual

I’m pretty sure i have the correct device, as there is only 1:

$ ls -l /dev/serial/by-id/
total 0
lrwxrwxrwx 1 root root 13 Aug 21 07:50 usb-Silicon_Labs_CP2104_USB_to_UART_Bridge_Controller_014A641C-if00-port0 -> ../../ttyUSB0
$ ls -l /dev/ttyUSB*
crw-rw---- 1 root dialout 188, 0 Aug 21 07:50 /dev/ttyUSB0

Is there something I missed?

After you have tried to run your snap, check /sys/fs/cgroup/devices/snap.$SNAPNAME.$APPNAME/devices.list to see if you have a line which references c 188:0 or c 188:*. This will indicate whether the device /dev/ttyUSB0 has been added correctly to your snap’s runtime environment.

Also check that the user your snap is running via has been assigned to the dialout group.

Aha, looks like on ubuntu server, the user is by default added to a lot of groups, while on ubuntu core, it’s added to none.

I guess that’s no problem once I run the app as deamon, right?

Thanks for the help!

Correct, when running as a daemon it will by default be running under the root account.

Well, guess I have to test with a daemon then, cause:

/etc/group.1069: Read-only file system
usermod: cannot lock /etc/group; try again later.

Ubuntu core has some fun properties now and then :stuck_out_tongue:

for non-daemon apps (during development/testing), just use sudo to run them :wink: