I'd call it a major security flaw of your linux distribution if the default web server user has hardware access.

But without error messages it is just guessing.