Startseite > Uncategorized > Running FHEM as non-privileged user on OpenWRT

Running FHEM as non-privileged user on OpenWRT

By default, the FHEM build provided by HU Berlin runs the daemon as user root. This is bad for security reasons, so let’s fix this.

Fix permissions of the log directory by default:
chown -R nobody:nobody /data/log/fhem/

Install the ’sudo‘ package so we can actually switch to a different user:
opkg install sudo

Then edit the init script in /etc/init.d/fhem to look as follows:



start() {
chown $USER:$GROUP /data/log/fhem
chown $USER:$GROUP /etc/fhem.cfg                             
sudo -u $USER -g $GROUP perl /usr/bin/ /etc/fhem.cfg &

stop() {
sudo -u $USER -g $GROUP perl /usr/bin/ 7072 "shutdown"


As you can see, we define some variables for the user and group so we can easily change that later, e.g. if we decide to add a dedicated user account for FHEM. We also add a DEVICE variable which will be used to change ownership on the device node for the CUL. As FHEM no longer runs as root, we need to adjust the permissions of that device node so FHEM can actually talk to the CUL.

That’s it – I have not received my CUL yet, so this is untested, but FHEM seems to run nicely.

edit: received my CUL today and updated the init script shown above. The previous version should never have worked in the first place.

edit2: fhem needs to be able to modify its config file.

  1. Es gibt noch keine Kommentare.
  1. 9. Dezember 2012 um 10:51 pm

Kommentar verfassen

Trage deine Daten unten ein oder klicke ein Icon um dich einzuloggen:

Du kommentierst mit Deinem Abmelden /  Ändern )

Google+ Foto

Du kommentierst mit Deinem Google+-Konto. Abmelden /  Ändern )


Du kommentierst mit Deinem Twitter-Konto. Abmelden /  Ändern )


Du kommentierst mit Deinem Facebook-Konto. Abmelden /  Ändern )


Verbinde mit %s

%d Bloggern gefällt das: