Wrong permissions/ownership on /dev/ttyUSB* for a Zigbee USB Dongle
xavierdemoor opened this issue · 6 comments
Expected Behavior
When I plug my USB device, add the correct configuration into my docker-compose.yml (devices: - "/dev/ttyUSB0:/dev/ttyUSB0"), I'm able to use this USB device into Home Assistant.
Current Behavior
The USB is visible into the container but the owner and permissions doesn't allow to use it. The device is owned by root and only root can read/write: crw------- 1 root root 188, 0 Jul 26 18:42 ttyUSB0. Home Assistant can't use the USB device.
Steps to Reproduce
- Plug a USB device
- Add the correct configuration to docker-compose.yml
- Launch the container
- type
ls -la /devto see the permissions for the USB device
Environment
OS: Synology DSM 7
CPU architecture: x86_64
How docker service was installed: Docker is installed with the Synology package
Command used to create docker container (run/create/compose/screenshot)
homeassistant:
image: linuxserver/homeassistant:latest
container_name: homeassistant
network_mode: host
restart: unless-stopped
devices:
- "/dev/ttyUSB0:/dev/ttyUSB0"
environment:
- PUID=$PUID
- PGID=$PGID
- TZ=$TZ
volumes:
- $DOCKER_FOLDER/homeassistant:/config
Log
Retrying setup: [Errno 13] could not open port /dev/ttyUSB0: [Errno 13] Permission denied: '/dev/ttyUSB0'
For the moment, I fixed this with a chmod a+rw /dev/ttyUSB0 on my host, but it's not really a good way to fix this, I think.
That actually is the correct way to fix it, because it's ultimately an issue with your host.
Normally, those devices need to be in a specific group other than root (render or video for video devices and dialout for sub devices), and have group read/write perms so that any app that needs access to those devices would run as a user as part of that group and hence having access to the device without being root. Your host basically requires root access for accessing those devices.
We're basically going to fix it by giving the device group read/write perms, same as the fix you applied
That actually is the correct way to fix it, because it's ultimately an issue with your host.
So, the problem is how the Synology sets permissions in this case ? It doesn't have any render, video or dialout group.
Just for my knowledge: Isn't better to set the group of the device to users and give it +rw (on the host), so every users (created account on the synology) can r/w the device, instead of everyone like now (a+rw)? Just to be sure; I'm not confident in changing things on a synology :p
Thank you for the quick fix ! :)
Just for my knowledge: Isn't better to set the group of the device to users and give it +rw (on the host), so every users (created account on the synology) can r/w the device, instead of everyone like now (a+rw)? Just to be sure; I'm not confident in changing things on a synology :p
The container doesn't change ownership of devices (also can't without --privileged) and we don't want it to as it would be too intrusive. Plus, this PR is not Syno specific.
We don't do a+rw, we do g+rw
Just for my knowledge: Isn't better to set the group of the device to users and give it +rw (on the host), so every users (created account on the synology) can r/w the device, instead of everyone like now (a+rw)? Just to be sure; I'm not confident in changing things on a synology :p
The container doesn't change ownership of devices (also can't without
--privileged) and we don't want it to as it would be too intrusive. Plus, this PR is not Syno specific.We don't do
a+rw, we dog+rw
Ok, thank you :)