Re: [Lazarus] run program in ide with sudo for debug purpose
On 26/02/12 13:29, Mark Morgan Lloyd wrote: Martin wrote: On 26/02/2012 12:38, ik wrote: Hello, I'm trying to debug a program that I'm writing with Lazarus, and it require root privileges, but I do not want Lazarus to run as root, only the program itself for debug. How can I do that ? I have not tried it, but maybe if you replace /usr/bin/gdb (in the IDE opions dialog) with sudo /usr/bin/gdb ? Of course that affects all projects. But afaik you can't use a starter app , because then gdb will attempt to debug the starter app I've had this sort of requirement in the past, specifically when using libusb (i.e. the program needed sufficient privilege to grab the device). You need udev rules that set the user/group permissions for the devices that you use. You don't need to run as root. Henry -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
Henry Vermaak wrote: On 26/02/12 13:29, Mark Morgan Lloyd wrote: I've had this sort of requirement in the past, specifically when using libusb (i.e. the program needed sufficient privilege to grab the device). You need udev rules that set the user/group permissions for the devices that you use. You don't need to run as root. I'd be happy to be proven wrong, but my understanding is that you do since there is one specific kernel call (in effect, telling the kernel to release an unrecognised device to an unprivileged program) that won't work otherwise. -- Mark Morgan Lloyd markMLl .AT. telemetry.co .DOT. uk [Opinions above are the author's, not those of his employers or colleagues] -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
On Mon, Feb 27, 2012 at 12:07, Mark Morgan Lloyd markmll.laza...@telemetry.co.uk wrote: Henry Vermaak wrote: On 26/02/12 13:29, Mark Morgan Lloyd wrote: I've had this sort of requirement in the past, specifically when using libusb (i.e. the program needed sufficient privilege to grab the device). You need udev rules that set the user/group permissions for the devices that you use. You don't need to run as root. I'd be happy to be proven wrong, but my understanding is that you do since there is one specific kernel call (in effect, telling the kernel to release an unrecognised device to an unprivileged program) that won't work otherwise. Close, I'm using libraries that talk with kernel space, and require root access to work, and it's not a GUI application. -- Mark Morgan Lloyd markMLl .AT. telemetry.co .DOT. uk [Opinions above are the author's, not those of his employers or colleagues] -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
Am 27.02.2012 11:07, schrieb Mark Morgan Lloyd:
Henry Vermaak wrote:
On 26/02/12 13:29, Mark Morgan Lloyd wrote:
I've had this sort of requirement in the past, specifically when using
libusb (i.e. the program needed sufficient privilege to grab the
device).
You need udev rules that set the user/group permissions for the
devices that you use. You don't need to run as root.
I'd be happy to be proven wrong, but my understanding is that you do
since there is one specific kernel call (in effect, telling the kernel
to release an unrecognised device to an unprivileged program) that won't
work otherwise.
I already managed the following some time ago for a scanner that was not
supported by SANE:
* setup a Windows VM in QEMU
* tell QEMU to pass the scanner to the VM
If I now started the VM I became a permission denied error when it
tried to open the corresponding dev node. Now I simply changed (at that
time without udev rules, because they somehow didn't work as I wanted
them to) the group of the corresponding device file
(/dev/usb/{bus}/{device}) to a group my user is part of and Tada! it
worked. So no, you don't need Root access for an unrecognized device.
Regards,
Sven
--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
On 27/02/12 10:07, Mark Morgan Lloyd wrote:
Henry Vermaak wrote:
On 26/02/12 13:29, Mark Morgan Lloyd wrote:
I've had this sort of requirement in the past, specifically when using
libusb (i.e. the program needed sufficient privilege to grab the
device).
You need udev rules that set the user/group permissions for the
devices that you use. You don't need to run as root.
I'd be happy to be proven wrong, but my understanding is that you do
since there is one specific kernel call (in effect, telling the kernel
to release an unrecognised device to an unprivileged program) that won't
work otherwise.
You need root permissions because libusb accesses the file
/dev/bus/usb/%d/%d. The default permissions to these files are
restricted to root by default, so udev is used so that known devices can
be used by less-privileged users. E.g. usb printers, which will set the
group to lp on my system (Debian). This is what I use at work for
development with a Cypress FX2 board:
hcv@technical09:~$ lsusb
...
Bus 001 Device 003: ID 04b4:8613 Cypress Semiconductor Corp. CY7C68013
EZ-USB FX2 USB 2.0 Development Kit
...
hcv@technical09:~$ ls -l /dev/bus/usb/001/
total 0
crw-rw-r-- 1 root root189, 0 Feb 27 09:15 001
crw-rw-r-- 1 root plugdev 189, 2 Feb 27 10:26 003
hcv@technical09:~$ cat /etc/udev/rules.d/55-hcv.rules
ATTRS{idVendor}==04b4, ATTRS{idProduct}==8613, MODE=0664,
GROUP=plugdev
I belong to the plugdev group, so I can use the device without running
as root.
Henry
--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
Sven Barth wrote:
Am 27.02.2012 11:07, schrieb Mark Morgan Lloyd:
I'd be happy to be proven wrong, but my understanding is that you do
since there is one specific kernel call (in effect, telling the kernel
to release an unrecognised device to an unprivileged program) that won't
work otherwise.
I already managed the following some time ago for a scanner that was not
supported by SANE:
* setup a Windows VM in QEMU
* tell QEMU to pass the scanner to the VM
If I now started the VM I became a permission denied error when it
tried to open the corresponding dev node. Now I simply changed (at that
time without udev rules, because they somehow didn't work as I wanted
them to) the group of the corresponding device file
(/dev/usb/{bus}/{device}) to a group my user is part of and Tada! it
worked. So no, you don't need Root access for an unrecognized device.
The reason it didn't work as expected might have been because the
insertion of otherwise-unrecognised devices in /dev/usb is a
comparatively recent feature. Checking, it's not in 2.6.18 (Debian Etch)
but is in 2.6.32 (Debian Lenny). Allow for a few kernel steppings for it
to actually /work/ :-)
But to make those changes (and were they in the host or the guest?) you
needed root access. So you've moved the problem rather than fixing it
permanently.
--
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk
[Opinions above are the author's, not those of his employers or colleagues]
--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
Henry Vermaak wrote:
On 27/02/12 10:07, Mark Morgan Lloyd wrote:
I'd be happy to be proven wrong, but my understanding is that you do
since there is one specific kernel call (in effect, telling the kernel
to release an unrecognised device to an unprivileged program) that won't
work otherwise.
You need root permissions because libusb accesses the file
/dev/bus/usb/%d/%d. The default permissions to these files are
restricted to root by default, so udev is used so that known devices can
be used by less-privileged users. E.g. usb printers, which will set the
group to lp on my system (Debian). This is what I use at work for
development with a Cypress FX2 board:
hcv@technical09:~$ lsusb
...
Bus 001 Device 003: ID 04b4:8613 Cypress Semiconductor Corp. CY7C68013
EZ-USB FX2 USB 2.0 Development Kit
...
hcv@technical09:~$ ls -l /dev/bus/usb/001/
total 0
crw-rw-r-- 1 root root189, 0 Feb 27 09:15 001
crw-rw-r-- 1 root plugdev 189, 2 Feb 27 10:26 003
hcv@technical09:~$ cat /etc/udev/rules.d/55-hcv.rules
ATTRS{idVendor}==04b4, ATTRS{idProduct}==8613, MODE=0664,
GROUP=plugdev
I belong to the plugdev group, so I can use the device without running
as root.
Thanks for the example.
--
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk
[Opinions above are the author's, not those of his employers or colleagues]
--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
On 27/02/12 11:13, Mark Morgan Lloyd wrote: The reason it didn't work as expected might have been because the insertion of otherwise-unrecognised devices in /dev/usb is a comparatively recent feature. Checking, it's not in 2.6.18 (Debian Etch) but is in 2.6.32 (Debian Lenny). Allow for a few kernel steppings for it to actually /work/ :-) The wiki page says it will work as far back as 2.6.13. Before then, hotplug was used, but don't ask me how that worked :) -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
On 27/02/12 11:34, Mark Morgan Lloyd wrote: Henry Vermaak wrote: On 27/02/12 11:13, Mark Morgan Lloyd wrote: The reason it didn't work as expected might have been because the insertion of otherwise-unrecognised devices in /dev/usb is a comparatively recent feature. Checking, it's not in 2.6.18 (Debian Etch) but is in 2.6.32 (Debian Lenny). Allow for a few kernel steppings for it to actually /work/ :-) The wiki page says it will work as far back as 2.6.13. Before then, hotplug was used, but don't ask me how that worked :) It might be in 2.6.13, but testing on a Debian SPARC Etch with 2.6.18 didn't so it might not have been enabled as standard until later. That's probably the case. They are quite conservative with new features! Henry -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
On Sun, Feb 26, 2012 at 14:38, ik ido...@gmail.com wrote: Hello, I'm trying to debug a program that I'm writing with Lazarus, and it require root privileges, but I do not want Lazarus to run as root, only the program itself for debug. How can I do that ? Working with gdbserver can solve this. I'll investigate this issue on the weekend and might send a patch to lazarus to support it Thanks, Ido -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
Am 27.02.2012 12:13, schrieb Mark Morgan Lloyd:
Sven Barth wrote:
Am 27.02.2012 11:07, schrieb Mark Morgan Lloyd:
I'd be happy to be proven wrong, but my understanding is that you do
since there is one specific kernel call (in effect, telling the kernel
to release an unrecognised device to an unprivileged program) that won't
work otherwise.
I already managed the following some time ago for a scanner that was
not supported by SANE:
* setup a Windows VM in QEMU
* tell QEMU to pass the scanner to the VM
If I now started the VM I became a permission denied error when it
tried to open the corresponding dev node. Now I simply changed (at
that time without udev rules, because they somehow didn't work as I
wanted them to) the group of the corresponding device file
(/dev/usb/{bus}/{device}) to a group my user is part of and Tada! it
worked. So no, you don't need Root access for an unrecognized device.
The reason it didn't work as expected might have been because the
insertion of otherwise-unrecognised devices in /dev/usb is a
comparatively recent feature. Checking, it's not in 2.6.18 (Debian Etch)
but is in 2.6.32 (Debian Lenny). Allow for a few kernel steppings for it
to actually /work/ :-)
At the time I tested this I run a 2.6.40 or so kernel (ArchLinux) so
this was definitely not the problem ;) Nevertheless: though the udev
rules failed the manual changing of the ownership on the host computer
worked.
But to make those changes (and were they in the host or the guest?) you
needed root access. So you've moved the problem rather than fixing it
permanently.
These changes were on the host and the ownership only needs to be
changed once after the scanner was plugged in (udev would have done that
automatically, but as I didn't need the scanner that often the manual
route was sufficient) otherwise QEMU will complain that it can't open
the USB device file.
Note: I did never look why my udev rule didn't work. Today this is no
longer important as I now have a scanner that works with SANE.
Also I don't see what you want to imply with moved the problem. The
solution for accessing hardware devices without root access is to change
their permissions one way or the other. You can do that either by udev
rules, manually or in a startup script which is always run (and is run
as root - like /etc/rc.local on ArchLinux) though in the last case the
device needs ot be plugged in at startup.
Regards,
Sven
--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
On Mon, Feb 27, 2012 at 15:56, Mark Morgan Lloyd markmll.laza...@telemetry.co.uk wrote: ik wrote: On Sun, Feb 26, 2012 at 14:38, ik ido...@gmail.com wrote: Hello, I'm trying to debug a program that I'm writing with Lazarus, and it require root privileges, but I do not want Lazarus to run as root, only the program itself for debug. How can I do that ? Working with gdbserver can solve this. I'll investigate this issue on the weekend and might send a patch to lazarus to support it If that would work then would accessing gdb via ssh be an alternative? I don't think it's the same. But I guess it is :) -- Mark Morgan Lloyd markMLl .AT. telemetry.co .DOT. uk [Opinions above are the author's, not those of his employers or colleagues] -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
On 2/27/2012 05:11, Sven Barth wrote:
I'd be happy to be proven wrong, but my understanding is that you do
since there is one specific kernel call (in effect, telling the kernel
to release an unrecognised device to an unprivileged program) that won't
work otherwise.
I already managed the following some time ago for a scanner that was not
supported by SANE:
* setup a Windows VM in QEMU
* tell QEMU to pass the scanner to the VM
If I now started the VM I became a permission denied error when it tried to
open the corresponding dev node. Now I simply changed (at that time without udev
rules, because they somehow didn't work as I wanted them to) the group of the
corresponding device file (/dev/usb/{bus}/{device}) to a group my user is part
of and Tada! it worked. So no, you don't need Root access for an unrecognized
device.
why not just add your user(s) to that group the device was in? this would/should
give the same access capabilities... or am i missing something else?
--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
Am 27.02.2012 16:06, schrieb waldo kitty:
On 2/27/2012 05:11, Sven Barth wrote:
I'd be happy to be proven wrong, but my understanding is that you do
since there is one specific kernel call (in effect, telling the kernel
to release an unrecognised device to an unprivileged program) that won't
work otherwise.
I already managed the following some time ago for a scanner that was not
supported by SANE:
* setup a Windows VM in QEMU
* tell QEMU to pass the scanner to the VM
If I now started the VM I became a permission denied error when it
tried to
open the corresponding dev node. Now I simply changed (at that time
without udev
rules, because they somehow didn't work as I wanted them to) the group
of the
corresponding device file (/dev/usb/{bus}/{device}) to a group my user
is part
of and Tada! it worked. So no, you don't need Root access for an
unrecognized
device.
why not just add your user(s) to that group the device was in? this
would/should give the same access capabilities... or am i missing
something else?
The USB device files are by default created with root:root. I changed
the one of my scanner to root:plugdev by hand (and yes, my user belongs
to plugdev ;) )
Regards,
Sven
--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
On 2/27/2012 10:09, Sven Barth wrote: Am 27.02.2012 16:06, schrieb waldo kitty: why not just add your user(s) to that group the device was in? this would/should give the same access capabilities... or am i missing something else? The USB device files are by default created with root:root. I changed the one of my scanner to root:plugdev by hand (and yes, my user belongs to plugdev ;) ) ahhh! yes, i remember similar messes i dug into a while back... i should have remembered before writing... -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
On Sunday 26 of February 2012 13:49:08 Martin wrote: On 26/02/2012 12:38, ik wrote: Hello, I'm trying to debug a program that I'm writing with Lazarus, and it require root privileges, but I do not want Lazarus to run as root, only the program itself for debug. How can I do that ? I have not tried it, but maybe if you replace /usr/bin/gdb (in the IDE opions dialog) with sudo /usr/bin/gdb ? Of course that affects all projects. Yes, but sudo can ask for password ,so he'll be stucked there I think. zeljko -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
On Sun, Feb 26, 2012 at 15:05, zeljko zel...@holobit.net wrote: On Sunday 26 of February 2012 13:49:08 Martin wrote: On 26/02/2012 12:38, ik wrote: Hello, I'm trying to debug a program that I'm writing with Lazarus, and it require root privileges, but I do not want Lazarus to run as root, only the program itself for debug. How can I do that ? I have not tried it, but maybe if you replace /usr/bin/gdb (in the IDE opions dialog) with sudo /usr/bin/gdb ? Of course that affects all projects. Yes, but sudo can ask for password ,so he'll be stucked there I think. Treid to use kdesu but got the following: The debugger /usr/bin/kdesu /usr/bin/gdb does not exist or is not executable. See Tools - Options - Debugger options zeljko -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
Martin wrote: On 26/02/2012 12:38, ik wrote: Hello, I'm trying to debug a program that I'm writing with Lazarus, and it require root privileges, but I do not want Lazarus to run as root, only the program itself for debug. How can I do that ? I have not tried it, but maybe if you replace /usr/bin/gdb (in the IDE opions dialog) with sudo /usr/bin/gdb ? Of course that affects all projects. But afaik you can't use a starter app , because then gdb will attempt to debug the starter app I've had this sort of requirement in the past, specifically when using libusb (i.e. the program needed sufficient privilege to grab the device). I wonder whether setting either Lazarus or gdb setuid root would help? -- Mark Morgan Lloyd markMLl .AT. telemetry.co .DOT. uk [Opinions above are the author's, not those of his employers or colleagues] -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
On Sun, Feb 26, 2012 at 15:29, Mark Morgan Lloyd markmll.laza...@telemetry.co.uk wrote: Martin wrote: On 26/02/2012 12:38, ik wrote: Hello, I'm trying to debug a program that I'm writing with Lazarus, and it require root privileges, but I do not want Lazarus to run as root, only the program itself for debug. How can I do that ? I have not tried it, but maybe if you replace /usr/bin/gdb (in the IDE opions dialog) with sudo /usr/bin/gdb ? Of course that affects all projects. But afaik you can't use a starter app , because then gdb will attempt to debug the starter app I've had this sort of requirement in the past, specifically when using libusb (i.e. the program needed sufficient privilege to grab the device). I wonder whether setting either Lazarus or gdb setuid root would help? That's scars me a lot. Because it means that every program that is using gdb can raise it's privileges to root. I think that a better way, will be to set per project if the program should have different privileges for running inside Lazarus, and if so, then to use tools such as kdesu for example. -- Mark Morgan Lloyd markMLl .AT. telemetry.co .DOT. uk [Opinions above are the author's, not those of his employers or colleagues] -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
On Sunday 26 of February 2012 14:56:19 ik wrote: That's scars me a lot. Because it means that every program that is using gdb can raise it's privileges to root. I think that a better way, will be to set per project if the program should have different privileges for running inside Lazarus, and if so, then to use tools such as kdesu for example. workaround is to use gdb from console :) zeljko -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
