Serial Port Issue: Permission denied, cannot open /dev/ttyACM0


Hi everyone!

I have a application running that reads info from 2 devices connected in serial port mode. The thing is I have this app running in a Dell that uses Ubuntu Core, so when type "snap logs node-red" it displays an error on serial port (now I only have one device connected, when solved I will connect both devices):

> 2018-11-02T11:49:19Z node-red.node-red[4692]: 2 Nov 11:49:19 - [info] Starting flows
> 2018-11-02T11:49:19Z node-red.node-red[4692]: 2 Nov 11:49:19 - [info] Started flows
> 2018-11-02T11:49:19Z node-red.node-red[4692]: 2 Nov 11:49:19 - [error] serial port /dev/ttyACM0 error: Error: Error: Permission denied, cannot open /dev/ttyACM0

I know it's a permission problem, but i'm new in Ubuntu and don't know how to solve it. What folders or files have node-red permission? Node-Red is installed in home/admin

Thanks in advance :slight_smile:



I suspect that is a snap/Ubuntu Core issue, not a node-red issue. I believe that by default snaps do not have access to the serial ports. I think you need to ask someone who knows about snaps and Ubuntu Core about that.



Yes, If anyone has a clue - please advise... Seems to be very little good info on how to get access to ports via snaps.



You could try

sudo chmod 666 /dev/ttyACM0

Which will give you read/write permissions for the serial port in question.



Dceejay, the chmod is a temporary fix (next reboot you'll lose it). But fear not, you can add the node-red user (if that's the user id it's running under). First do:

njc@mozart:~$ ls -l /dev/ttyACM0 
crw-rw---- 1 root dialout 166, 0 Oct 31 16:40 /dev/ttyACM0
You have new mail in /var/mail/njc

Here you see the device is owned by root and group: dialout (you may have a different group). Next, run this command:

sudo user -a -G dialout node-red

If you are the user that runs the node-red command then replace node-red with your user ID. And if you had a different group, replace dialout with that group.

To verify that the user has been added to the group, logout, then login and run this command:

njc@mozart:~$ id
uid=1000(njc) gid=1000(njc) groups=1000(njc),7(lp),20(dialout),100(users)

Your numbers may be different, and you may have different groups. But as long as the group that is on the device is in that string you should be good.

It won't hurt to have your user ID and that of the node-red user in the group.

Hope that helps



Hmm - yeah that is the normal Ubuntu way to do it.. - I think Snaps expect you to do it differently ... sort of thing



Assume I've gone off on a rant about the new improved ways of doing things and skip it to save time. Ubuntu's improvements is one the reasons I stay away from Ubuntu (you may not have a choice).

Anyways, from the quick scan of that link it appears that they are explaining devices with snap. Is this like containerization or a security sandbox around node-red? My brain is getting muddled around Docker, Kubernetes and virtualization that I no longer know what's real. :wink:



Yes - it's the Ubuntu "better" version of containers that in theory provides better isolation between apps etc... which is great until you need to get past the isolation to reach the serial ports... so... really for snaps we ought to try to do it properly but lack of time, not enough digging to find the right docs, missing the magic nugget, other things to do, etc...

At some point it will all become clear, but until then... ho hum.

1 Like