Stuck on adding RFXcom on a second Pi - permission denied

I am trying to add an RFXtrx to a Pi that hasn't had one before. But I keep getting this:

[rfxcom] on /dev/ttyUSB0 - Error: Permission denied, cannot open /dev/ttyUSB0

This is my Docker Compose file:

services:
  node-red:
    build:
      dockerfile_inline: | 
        FROM  nodered/node-red:4.0.9-debian
        USER root
        RUN apt-get update \
          && apt-get install -y --no-install-recommends iputils-ping sshpass openssh-client
        USER node-red
    container_name: Node-RED
    privileged: true
    restart: no
    group_add:
        - "20"
    environment:
      - TZ=Europe/Oslo

    network_mode: host 
    devices:
      - /dev/serial/by-id/usb-RFXCOM_RFXtrx433_A12VLOW7-if00-port0:/dev/ttyUSB0
    volumes:
      - /media/pi/Docker/Docker-Compose/Node-RED/Data:/data
      - /media/pi/Docker/Docker-Compose:/home/pi/Docker-Compose:ro
      - type: bind
        source: /home/pi/Node-RED-omstarter.txt
        target: /home/pi/Node-RED-omstarter.txt
      - type: bind
        source: /home/pi/.ssh/known_hosts
        target: /usr/src/node-red/.ssh/known_hosts

I have checked that ttyUSB0 excists in the container with docker exec -it Node-RED bash and ls in the dev directory. So it seems that Node-RED within the container isn't allowed to use the USB0. I have three other Pi's running the same setup, and they work, but they have been through lots of generations of both Pi's, Pi OS and Node-RED, so I can't find out what I did different there. I ran sudo usermod -aG docker pi in the hope that it would change anything, which it didn't. So my limited understanding has reached it's end. I hope somebody can help me with this one.

That is because the user running Node-RED does not have permission to access the USB dev's.

Note how they belong to root but are given access to group dialout.

To fix this, simply add the Node-RED user to the dialout group.

But while you are there, don't use the ttyUSBn dev, you should use the more explicit UDEV entry. This will save you when Linux decides to randomly change the usb number on you:

image1362×126 9.78 KB

Thanks for answering! Actually the user running Node-RED has dialout, but you got me on the right track. The USB0 is only root and plugdev, not dialout!

And yes, I am actually using this for the device, I just simplified the Docker Compose file:

- /dev/serial/by-id/usb-RFXCOM_RFXtrx433_A12VLOW7-if00-port0:/dev/ttyUSB0

So now I only have to find out why the dialout group does not have access to USB0. That should be googleable.

OK, not so easy... I tried creating an udev rule like this:

sudoedit /etc/udev/rules.d/50-myusb.rules

KERNEL=="ttyUSB[0-9]*",MODE="0666"
KERNEL=="ttyACM[0-9]*",MODE="0666"

and adding pi to the plugdev group:

sudo usermod -a -G plugdev pi

none of them helped. And yes, I did reboot after each time.

Finally! I of course had to add the group plugdev to the docker compose file:

    group_add:
        - "46"

Up and running!

@Mastiff, so the custom udev rules still applicable? Or not? You have just opened access to all containers that may exist? The udev rules are system wide? Or container specific?