Getting SNMP to access the BMP180 pressure sensor.... running a script as root?

I have today installed a BMP180 pressure sensor and got it working correctly using the I2C bus on the RPi. I have created a very simple command script which will work as an SNMP "pass" command to return the pressure as an SNMP variable. I think I know how to do this as I have done the same for CPU temperature and room temperature using the DS18B20 "single-wire" probes.

formatting link

However, I have come across a problem which I an unsure how to solve. It seems that access to the BMP180 device requires a script to be run as SU, so: sudo . However, when SNMP tries to run the script it fails, just as if the script were being run by a regular user. I've tried making the script owned by root, and making it run as if it were root (at least I think so, but my knowledge is very weak in that area), but that doesn't seem to be enough. I get:

IOError: [Errno 13] Permission denied

My script:

#!/bin/bash if [ "$1" = "-g" ] then echo .1.3.6.1.2.1.25.1.20 echo gauge python /home/pi/pressure.py fi exit 0

My Python code:

#!/usr/bin/python import Adafruit_BMP.BMP085 as BMP085 sensor = BMP085.BMP085(mode=BMP085.BMP085_ULTRAHIGHRES) pressure = sensor.read_pressure() + 2179 print '{0:0.0f}'.format(pressure)

Likely it's something obvious which my lack of experience is hiding from me!

sudo snmp-air-pressure -g # works correctly

snmp-air-pressure -g # fails with error 13

--
Thanks, 
David 
 Click to see the full signature
Reply to
David Taylor
Loading thread data ...

On Sat, 28 Feb 2015 19:47:53 +0000, David Taylor declaimed the following:

That looks like a Python format error report...

Didn't it provide a trace back to identify which line it objects to... For all I know, it may be a problem accessing stdout on the print command. It could also be that the module you are importing is locked to certain users... Or something inside the module is attempting a privileged operation.

--
	Wulfraed                 Dennis Lee Bieber         AF6VN 
    wlfraed@ix.netcom.com    HTTP://wlfraed.home.netcom.com/
Reply to
Dennis Lee Bieber

permissions on /dev/i2c-whatever ?

Reply to
Andy Burns

On 28/02/2015 21:54, Dennis Lee Bieber wrote: []

Dennis, yes, it is the privileged operation. Worked with sudo, not without. However, I fixed it with a permissions change - see next post.

--
Cheers, 
David 
 Click to see the full signature
Reply to
David Taylor

Andy, you mailed it in one - something I had not realised might be happening. It seems that "other" was set to no access, and I'm not sure why that was, but changing it fixed the problem.

Was: crw-rw---- 1 root i2c 89, 1 Feb 28 15:12 /dev/i2c-1

Now: crw-rw-rw- 1 root i2c 89, 1 Feb 28 15:12 /dev/i2c-1

I will write this up today....

--
Cheers, 
David 
 Click to see the full signature
Reply to
David Taylor

On 01/03/2015 10:16, David Taylor wrote: []

See:

formatting link

--
Cheers, 
David 
 Click to see the full signature
Reply to
David Taylor

A cleaner way would be to add the allowed I2C user into the i2c group, and let the world access be closed.

--

-TV
Reply to
Tauno Voipio

It won't survive a reboot...

That's the correct way...

Reply to
Tony van der Hoff
[]

Thanks, both. OK, but:

- I don't know who the user would be. I /think/ it would be the snmpd service, but I don't know what account that runs under. From "ps -e u" it would appear to be "snmp". Is that what you mean by user?

- I'm unsure about the groups! I see a file /etc/groups, and grepping that file I see: "i2c:x:112" so that confirms an "i2c" group

At least, Google has helped find the command:

usermod -a -G i2c snmp

so I guess that's what to use?

I did say I was a Linux novice, didn't I?

--
Thanks, 
David 
 Click to see the full signature
Reply to
David Taylor

maybe, but the more familiar command is simply (with admin rights): adduser snmp i2c

Reply to
Tony van der Hoff

Interesting. I needed to apt-get the members command, but on first running it there were no members of the group i2c. After adding snmp there was /only/ snmp as a member. Make me think that this may not be quite the thing do do, although I'll accept that changing permissions on the device may not last over a reboot.

Was: crw-rw---- 1 root i2c 89, 1 Feb 28 15:12 /dev/i2c-1

Now: crw-rw-rw- 1 root i2c 89, 1 Feb 28 15:12 /dev/i2c-1

With members:

members i2c => (none) adduser snmp i2c members i2c => snmp

Puzzled!

--
Cheers, 
David 
 Click to see the full signature
Reply to
David Taylor

On 01/03/2015 15:42, Tony van der Hoff wrote: []

Unfortunately that doesn't work - after a reboot the SNMP pass script still gives an error resulting in a zero output. What does work is:

sudo chmod o=rw /dev/i2c-1

so how can I find some way to make that permanent?

Thanks!

--
Cheers, 
David 
 Click to see the full signature
Reply to
David Taylor

There's no permanent way to do that because Linux device files are created at boot time or, in the case of interchangeable hardware such as USB devices, when the device is connected to your system.

However, there are two workrounds:

1) add the command(s) to /etc/rc.local - this is a script that is run at the last boot action (technically, it is the last thing run each time the runlevel is changed but most RPi users are unlikely to change that), but be aware that it may disappear or be renamed if/when raspbian's daemon management system changes over from sysv.init to systemd. The /etc/rc.local file no longer exists under my Fedora 20 systems. Fedora has used systemd for the last few releases.

2) Add a script to /etc/udev/rules.d which will be run at boot time or whenever a removable device is connected. For instance, I find it convenient to make USB storage devices world readable on my laptop, so I created a file, /etc/udev/rules.d/99-local-rules containing this:

# # Give world read/write access to USB storage devices # KERNEL=="sg0", GROUP="disk", MODE="0666" KERNEL=="sg1", GROUP="cdrom", MODE="0666"

Its name starts with '99' so it will run *AFTER* any rules that create and initialise device files. The KERNEL parameter is the device type: you can discover that by looking at /dev. GROUP has its usual meaning. MODE sets the access permissions using octal notation: 0666 is equivalent to "chmod uga=rw ...."

The current version of raspbian has a file called /etc/udev/rules.d/99-input.rules but as /etc/udev/rules.d/99-local-rules will be sorted after it there shouldn't be a problem.

--
martin@   | Martin Gregorie 
gregorie. | Essex, UK 
 Click to see the full signature
Reply to
Martin Gregorie

First off, It should work. By default, /dev/i2c has rw group membership for i2c. So perhaps you need to make your own user a member of i2c.

Secondly, I emphasise, it's a good idea to override Linux security; PLEASE don't put this "solution" on your blog.

Thirdly, I've not actually tried this; I set my own user to be a member of i2c, and have no problems using it.

However, if you really want to persist with making i2c globally available, you need to edit /lib/udev/rules.d/60-i2c-tools.rules, and change the MODE from 0660 to 0666, quite rightly the number of the beast.

Reply to
Tony van der Hoff

Um, um, USB's not the same as i2c!

Reply to
Tony van der Hoff

^-- not

Reply to
Tony van der Hoff

Of course it isn't, but since it is accessed through a device file in /dev (/dev/i2c-1 according to the OP) the UDEV script I described should work for it. By contrast, the /etc/rc.local script will not work unless the I2C device file is set up at boot time.

Since I've not yet had time to do anything with I2C I don't know what the options are for initialising I2C and hence when the device file(s) get created.

--
martin@   | Martin Gregorie 
gregorie. | Essex, UK 
 Click to see the full signature
Reply to
Martin Gregorie

You have to find which user SNMP is running as.

Please check that the user is in /etc/group under i2c

Your solution is not healthy, it may be achieved by twisting the udev scripts.

--

-Tauno Voipio
Reply to
Tauno Voipio

The way to deal with this for i2c is to add the user to the i2c group (I think someone has suggested that once already)

--
Corruption is not the #1 priority of the Police Commissioner.  His job 
is to enforce the law and fight crime. 
 Click to see the full signature
Reply to
alister

On 03/03/2015 12:44, Tauno Voipio wrote: []

Thanks for all your input.

As you all indicate, I would very much prefer a "clean" solution to altering Linux security, but I do need something which happens automatically at boot time.

I am uncertain which user is required here. The process is created by a "pass" command in SNMP, which runs a shell script. Running: "ps aux" shows a process started with ../snmpd with a user "snmp". I had already added snmp as a member of the group, and running "members i2c" shows that snmp is now a member of the group i2c.

However, when snmp launches a script to run the "pass" command, what user does it use then?

Before I set the o=rw protection on the device, running the script as "pi" the script fails, but running it with "sudo" the script works, so is it as simple as making root a member of the i2c group? In my ignorance, I had thought that root could do most things.

--
Cheers, 
David 
 Click to see the full signature
Reply to
David Taylor

ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.