XOpenDisplay(NULL) Fails as ROOT

Hi,

I have a program that runs on Ubuntu (various versions and Debian Squeeze) and also on another installation SuSE 12.1 64 (miles away) but not here on SuSE 12.1 64. The program needs to run as root to access USB ports.

Initially the program failed when trying to open X display so I wrote a very simple piece of code:

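```c
#include <stdio.h>
#include <X11/Xlib.h>

int main(void)
{
    Display *d;

    /* A NULL display name makes Xlib use the DISPLAY environment variable. */
    if ((d = XOpenDisplay(NULL)) == NULL)
    {
        printf("Error trying to open XDisplay\n");
        return 1;
    }

    printf("XOpenDisplay(NULL) = %p\n", (void *)d);
    XCloseDisplay(d);
    return 0;
}
```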

Searching pointed me at using YaST to change Security settings to allow remote access to X Server and now the above code returns a pointer when run as user but not when run using sudo.

I think it is some security issue but I haven’t found what as yet so I’d appreciate any help.

TIA

David

On 04.07.2012 12:56, DAFlippers wrote:
> Searching pointed me at using YaST to change Security settings to allow
> remote access to X Server and now the above code returns a pointer when
> run as user
when run as user your code always returns a valid pointer for me, or did
you mean as root here?

the most probable reason if you ran as root and did not get a pointer
back is that you used “su” instead of “su -”, only with “su -” you get
access to X not with su alone.

> but not when run using sudo.
>
that simply means you did not configure sudo to give sudo access to X;
there is some configuration needed which is not default. I do not know
how to do that, but you can simply look it up by showing the configuration
on an Ubuntu machine with visudo, because they configure it by default to
give access to the running X session.

> I think it is some security issue but I haven’t found what as yet so
> I’d appreciate any help.
>
Undo that and use “su -”.


PC: oS 12.1 x86_64 | i7-2600@3.40GHz | 16GB | KDE 4.8.4 | GeForce GT 420
ThinkPad E320: oS 12.1 x86_64 | i3@2.30GHz | 8GB | KDE 4.8.4 | HD 3000
eCAFE 800: oS 12.1 i586 | AMD Geode LX 800@500MHz | 512MB | KDE 3.5.10
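
XOpenDisplay(NULL) takes the display name from $DISPLAY and presents a cookie from the authority file ($XAUTHORITY, or $HOME/.Xauthority when that is unset), so a root shell with a different environment can fail where the user's shell succeeds. The following check is an added example, not code from the thread; its function names are made up for illustration, and it inspects only the environment, not the cookie contents.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

enum x_env_status { X_ENV_OK, X_NO_DISPLAY, X_NO_AUTH_PATH, X_AUTH_UNREADABLE };

/* Resolve the authority file the way libXau does: $XAUTHORITY if set,
 * otherwise $HOME/.Xauthority. Returns 0 on success, -1 otherwise. */
int resolve_xauth_path(const char *xauthority, const char *home,
                       char *out, size_t outlen)
{
    int n;
    if (xauthority && *xauthority)
        n = snprintf(out, outlen, "%s", xauthority);
    else if (home && *home)
        n = snprintf(out, outlen, "%s/.Xauthority", home);
    else
        return -1;
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Check the inputs XOpenDisplay(NULL) depends on before it is called. */
enum x_env_status check_x_env(const char *display, const char *xauthority,
                              const char *home, char *path, size_t pathlen)
{
    if (!display || !*display)
        return X_NO_DISPLAY;        /* nothing for the NULL name to fall back to */
    if (resolve_xauth_path(xauthority, home, path, pathlen) != 0)
        return X_NO_AUTH_PATH;
    if (access(path, R_OK) != 0)
        return X_AUTH_UNREADABLE;   /* no cookie file to present to the server */
    return X_ENV_OK;
}

int main(void)
{
    static const char *msg[] = {
        "environment looks usable", "DISPLAY is not set",
        "neither XAUTHORITY nor HOME is set", "authority file missing or unreadable" };
    char path[4096] = "";
    const char *dpy = getenv("DISPLAY");
    enum x_env_status s = check_x_env(dpy, getenv("XAUTHORITY"),
                                      getenv("HOME"), path, sizeof path);
    printf("euid=%ld DISPLAY=%s authfile=%s -> %s\n", (long)geteuid(),
           dpy ? dpy : "(unset)", path[0] ? path : "(unresolved)", msg[s]);
    return s == X_ENV_OK ? 0 : 1;
}
```

Running it once as the desktop user and once in the root shell shows which of the two inputs changed between them.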

On 04.07.2012 13:49, Martin Helm wrote:
> On 04.07.2012 12:56, DAFlippers wrote:
>> I think it is some security issue but I haven’t found what as yet so
>> I’d appreciate any help.
>>
> Undo that and use “su -”.
>
or xdg-su, gnomesu, kdesu all of them are there to run a program with
gui as root.



>
> The program needs to run as root to access USB ports.
>

well, i have to admit i’m confused by that statement!

since i see that Martin has answered and didn’t ask about this i guess
i should assume this is all normal…

but, since i can (as a simple user) USB plug-in and use a printer,
microphone, headset, speakers, video camera, external hard drive, CD/DVD
reader/writer, modem, USB stick, scanner and a whole host of other
devices without being root, i find it very confusing that your program
“needs to run as root to” do what i can do without being root!!

so, what gives here?

why does your program have to run as root to access USB ports???


dd

On 04.07.2012 14:05, dd@home.dk wrote:
>>
>> The program needs to run as root to access USB ports.
>>
>
> well, i have to admit i’m confused by that statement!
>
> since i see that Martin has answered and didn’t ask about this i guess
> i should assume this is all normal…
>
Nope, I simply missed that point and forgot to ask about that looking
only at the X display part, my excuse is I answered quickly during my
lunch break.
Good you mention this now.



Hm, I am not sure that the following holds true for USB ports, but think of the following:

Normal users have no access permissions to disk devices/partitions, but they have permissions to files through the layer of the file system.

Is there an analogy, in that normal users have no access to USB devices (ports), but can use sound devices, etc.? The sound device has, e.g., sound as a group, and every user that can use group sound can use the sound device. But that is not the same as directly reading/writing to a USB port ¹)

¹) You can use a USB port through library routines like usb_init(), usb_find_busses(), usb_find_devices(), usb_claim_interface() and usb_control_message()

Which rights you need depends of course a lot on what you do with the
USB port. The claim was not that you can do what you want with the ports
as normal users.

As a normal user, for example, you cannot use it for a serial connection
unless you assign yourself to the dialout group.
Some people do not know that and become root just to do such simple
things and this can easily be avoided by proper group membership.

Whether something like that is the case here is not clear as we have no
details, so asking back and pointing to it is a good strategy.
Of course it can be that something is done which is really only possible
as root.



On 07/04/2012 04:06 PM, Martin Helm wrote:
> Of course it can be that something is done which is really only possible
> as root.

i’ve been wrong before (but not yet today…i think), but my guess is
the program can and should be run as a non-root user…and, all the
script hacking to make it ‘work’ as root is not only avoidable, but also
creating a security hole big enough to drive a script-kiddie’s rootkit
through (quietly).

ymmv, and i hope my guess is wrong.


dd

In any case DAFlippers, we have a nic feature hee on the forums, but as it is not easy to finf for first visitors like you (welcome, btw), I will expplain.
Please use CODE tags around any computer text that you copy/paste into a post here: http://forums.opensuse.org/english/information-new-users/advanced-how-faq-read-only/451526-posting-code-tags-guide.html

On 07/04/12 10:46, hcvv pecked at the keyboard and wrote:
> In any case DAFlippers, we have a nic feature hee on the forums, but as
> it is not easy to finf for first visitors like you (welcome, btw), I
> will expplain.
> Please use CODE tags around any computer text that you copy/paste into
> a post here: http://tinyurl.com/2wwx7l9
>
>
Does it also have a spell checker? If so do you use it? Just look at the
second part of the first line.

Some may (I do) use an email program (such as Thunderbird) to reply and
don’t have the “code tag” button so your example does not apply.

Just saying.

Ken
openSUSE user since 1996 (when it was S.u.S.E.)

> openSUSE user since 1996 (when it was S.u.S.E.)

hi Ken, have not seen you around here…so welcome if you are new
hereabouts (i mean, maybe i just missed seeing your input)…

couple/three things:

  1. using nntp (as you and i are doing) we can also use “code tags”
    simply by typing them…like when i give hints on (say) command line
    code i give it like this:

su -
zypper lr -d

so, here in nntp you will see the actual “code tags” but the folks on
the web side see something else (see
http://forums.opensuse.org/showthread.php?t=476509 to get an
idea)…the tags here don’t make a great deal of difference, but it
makes a LOT of difference to the helpers on the web side…

other “tags” are available if you wish to use them (about the only other
i use are the quote and /quote), Carlos uses the URL tags often…more
at: http://forums.opensuse.org/misc.php?do=bbcode
they might be useful to you if you wanna hang out and also contribute to
the new folks who streams in here daily…

  2. speaking of contributing, i’m not sure it is useful to spend a lot of
    time here as the spelling police…Henk’s mother tongue isn’t english
    and that goes for a lot of the helpers and askers…so, a little slack
    is usually needed to get along and keep things cool…

compared to you i’m a SUSE-noob (only got into Linux a little in '98 as
IBM started murdering OS/2, and didn’t discover SUSE until about
2002…so, i look forward to your contributions to the folks new to
openSUSE, and expect you will teach me a trick or two, too…so, hang
around…you are welcome…but, go easy on the police thing–it really
doesn’t add to the pleasure or fun for the new folks…please.

around here we say, often:

Have a lot of fun.


dd

On 07/04/12 12:27, dd@home.dk pecked at the keyboard and wrote:
>> openSUSE user since 1996 (when it was S.u.S.E.)
>
> hi Ken, have not seen you around here…so welcome if you are new
> hereabouts (i mean, maybe i just missed seeing your input)…
>
>
> compared to you i’m a SUSE-noob (only got into Linux a little in '98
> as IBM started murdering OS/2, and didn’t discover SUSE until about
> 2002…so, i look forward to your contributions to the folks new to
> openSUSE, and expect you will teach me a trick or two, too…so, hang
> around…you are welcome…but, go easy on the police thing–it
> really doesn’t add to the pleasure or fun for the new folks…please.
>
> around here we say, often:
>
> Have a lot of fun.
>

I do have a lot of fun with linux and like to run it in when a friend
asks to help reload the “Windows” OS.

Sorry about that. My only point was if other things are going to be
“policed”, using a spell checker should be recommended as well. Don’t get
me wrong, I make a lot of mistakes myself. I also commend people on the
list where English is their second or third language. Most speak it
better than a lot of Americans I know.

I’ll help out where I can but the old memory ain’t what it used to be.
Sometimes I have a hard time remembering what I did yesterday. :) Goes
along with my CFS.

> Sometimes I have a hard time remembering what I did yesterday. :)

what were we talking about? ;)


dd

Hi Martin,

“su -” works, thanks; however, I need to start this program during the boot sequence before the login screen, so I need to sort out the following:

X must have started; must run as ROOT; ROOT must have access to X.

In Ubuntu I call the program via LightDM as rc.local is before X has started.

FYI, I use LibUSB-1.0 to read/write small amounts of data to a bespoke HID so I need to find and ID the device so I can open and read/write. That’s why the program needs to run as ROOT.

Apologies for not tagging Code snippet.

David