I want to read data from a GPS attached to an USB and seen by the system as a serial device. I would like not to use chmod u+s nor sudo and give to the process just the minimum capabilities to do that.
To test, I used the cat command:
sudo cat /dev/ttyACM0
This works, but could I give to cat a specific capability to read the serial port?
I tried setcap cap_sys_rawio+p and cap_sys_tty_config+p without success.
My idea is to give the binary just the minimum rights it need to do its task.
Normally ttys belong to a group called something similar to dialup. This is used mainly for old cu programs.
One thing you can use (and I do) is to include yourself in the dialup group, as you'll see that unused ttys have write permission to owner and group they belong to.
Don't forget to logout and relogon when you test this, as to get the group id for the dialup group in the list of groups you belong to requires to pass through the login(1) program.
On my system (a FreeBSD 11.x) the gps belongs to group operator, and I (my account) belongs to that group. I can open the gps (bluetooth device with pseudo terminal over a pseudotty)
In linux, I use /dev/rfcomm0 (bluetooth) serial device. In debian, /dev/ttyS0[0-3] belong to the dialout group. You can use that group.