I’m also still struggling with this whole safety access things…
I believe a tutorial/example of how to safely use exec binding with scripts would be a great addition here in the forum or the documentation. @ThomDietrich for the rescue?
Hmmm, strange. Without knowing what’s setting the permissions on your devices, it’s sort of hard to figure out how to get them set to the more standard approach of restricted owner (root, typically) and providing group access to processes that need it.
Are you using Exec Binding 1.1 or 2.0? The structure differs between the two and I think your structure is suited to the 1.1 version.
This issue with SUDO permissions has made me confirm my plans for the future. I’ll be moving away from the Pi and use MQTT to a ESP01 with the 433Mhz transmitter connected as this seems like a more secure approach.
I came accross another issue using the ESP8266, maybe this is not for me lol very frustating to not be able to control that outlet!
so here we go, I have found back on my desk an ADAFRUIT ESP8266, following this instruction:
I’m able to see connection from the ESP8266 to the Openhab mosquitto mqtt, therefore when I’m pushing the remote control from the outlet to gather the code using the small RX chip, I can’t see anything, screenshot below:
I’m a little bit confused, and totally not an expert.
This is not mentioned as comment but as a suggestion.
A stupid question is it not better in this case to use the advantage SUID, SGID and sticky bit, to give not owners, member of groups, not others the same permission, make it executable.
setuid programs and the associated sticky bit can be a good way to provide very limited access to elevated privilege. The mechanism isn’t designed to restrict who can do something, but what – for example changing one’s own login password, but not being able to touch anyone else’s. Setuid programs are virtually all written in “hard code” and not in scripting languages and are pretty rare.
User and group membership are the standard way of managing access to resources under POSIX systems. That includes setuid programs as well. (Yes, there are security contexts that go beyond user and group access, but that still falls into “advanced topics” for most non-professionals).
The way it should be done is that /dev/gpiomem has ownership that allows “normal” POSIX group-membership access.
I just checked a completely different RPi that I have and it, as well, has root:gpio ownership of /dev/gpiomem
That openHABian or something else has changed the ownership of your /dev/gpiomem really has to be resolved to provide robust access to your GPIO pins.