Apache cannot open i2c bus

Mon Apr 08, 2019 9:20 am

I have a web page (CGI script) that needs to issue commands to the i2c bus, but the stock Raspberry Pi won't allow it. I have tried both a Python script and a compiled c program, and neither will open the i2c bus when run from Apache2 on an unmodified system. Both work fine from the command line. Looking at /dev/i2c-1, I see the user is root and the group is i2c. Setting the CGI user to be root is a real no-no, but I don't see too great a security issue with making www-data a member of i2c. The only problem is, it doesn't work. After adding www-data to the i2c group, the script still cannot open the i2c bus when run as www-data by Apache2. I can get it to work by changing the permissions of /dev/i2c-1 from 0660 to 0666 in /etc/udev/rules.d/, but that is a little bit less secure than adding www-data to the i2c group, if I could get it to work that way (or some other way). Now, all that said, I don't think making /dev/i2c-1 world readable and writable is all that great a security risk, but still one would like to take the path offering the greatest practically obtainable security especially for applications being accessed from the internet. Not only that, but this application is going to be distributed into the wild, and the fewer low-level modifications, the better for both portability and support reasons. System modifications are best avoided. Does anyone here have any ideas how to get this to work other than changing the permissions on the i2c bus device? I am really puzzled why adding www-data to the i2c group doesn't work.

Re: Apache cannot open i2c bus

Mon Apr 08, 2019 10:35 am

sudo usemod -G -a i2c www-data
sudo systemctl restart apache2
