Re: [Lazarus] run program in ide with sudo for debug purpose
On 26/02/12 13:29, Mark Morgan Lloyd wrote: Martin wrote: On 26/02/2012 12:38, ik wrote: Hello, I'm trying to debug a program that I'm writing with Lazarus, and it require root privileges, but I do not want Lazarus to run as root, only the program itself for debug. How can I do that ? I have not tried it, but maybe if you replace /usr/bin/gdb (in the IDE opions dialog) with sudo /usr/bin/gdb ? Of course that affects all projects. But afaik you can't use a starter app , because then gdb will attempt to debug the starter app I've had this sort of requirement in the past, specifically when using libusb (i.e. the program needed sufficient privilege to grab the device). You need udev rules that set the user/group permissions for the devices that you use. You don't need to run as root. Henry -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
Henry Vermaak wrote: On 26/02/12 13:29, Mark Morgan Lloyd wrote: I've had this sort of requirement in the past, specifically when using libusb (i.e. the program needed sufficient privilege to grab the device). You need udev rules that set the user/group permissions for the devices that you use. You don't need to run as root. I'd be happy to be proven wrong, but my understanding is that you do since there is one specific kernel call (in effect, telling the kernel to release an unrecognised device to an unprivileged program) that won't work otherwise. -- Mark Morgan Lloyd markMLl .AT. telemetry.co .DOT. uk [Opinions above are the author's, not those of his employers or colleagues] -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
On Mon, Feb 27, 2012 at 12:07, Mark Morgan Lloyd markmll.laza...@telemetry.co.uk wrote: Henry Vermaak wrote: On 26/02/12 13:29, Mark Morgan Lloyd wrote: I've had this sort of requirement in the past, specifically when using libusb (i.e. the program needed sufficient privilege to grab the device). You need udev rules that set the user/group permissions for the devices that you use. You don't need to run as root. I'd be happy to be proven wrong, but my understanding is that you do since there is one specific kernel call (in effect, telling the kernel to release an unrecognised device to an unprivileged program) that won't work otherwise. Close, I'm using libraries that talk with kernel space, and require root access to work, and it's not a GUI application. -- Mark Morgan Lloyd markMLl .AT. telemetry.co .DOT. uk [Opinions above are the author's, not those of his employers or colleagues] -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
Am 27.02.2012 11:07, schrieb Mark Morgan Lloyd: Henry Vermaak wrote: On 26/02/12 13:29, Mark Morgan Lloyd wrote: I've had this sort of requirement in the past, specifically when using libusb (i.e. the program needed sufficient privilege to grab the device). You need udev rules that set the user/group permissions for the devices that you use. You don't need to run as root. I'd be happy to be proven wrong, but my understanding is that you do since there is one specific kernel call (in effect, telling the kernel to release an unrecognised device to an unprivileged program) that won't work otherwise. I already managed the following some time ago for a scanner that was not supported by SANE: * setup a Windows VM in QEMU * tell QEMU to pass the scanner to the VM If I now started the VM I became a permission denied error when it tried to open the corresponding dev node. Now I simply changed (at that time without udev rules, because they somehow didn't work as I wanted them to) the group of the corresponding device file (/dev/usb/{bus}/{device}) to a group my user is part of and Tada! it worked. So no, you don't need Root access for an unrecognized device. Regards, Sven -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
On 27/02/12 10:07, Mark Morgan Lloyd wrote: Henry Vermaak wrote: On 26/02/12 13:29, Mark Morgan Lloyd wrote: I've had this sort of requirement in the past, specifically when using libusb (i.e. the program needed sufficient privilege to grab the device). You need udev rules that set the user/group permissions for the devices that you use. You don't need to run as root. I'd be happy to be proven wrong, but my understanding is that you do since there is one specific kernel call (in effect, telling the kernel to release an unrecognised device to an unprivileged program) that won't work otherwise. You need root permissions because libusb accesses the file /dev/bus/usb/%d/%d. The default permissions to these files are restricted to root by default, so udev is used so that known devices can be used by less-privileged users. E.g. usb printers, which will set the group to lp on my system (Debian). This is what I use at work for development with a Cypress FX2 board: hcv@technical09:~$ lsusb ... Bus 001 Device 003: ID 04b4:8613 Cypress Semiconductor Corp. CY7C68013 EZ-USB FX2 USB 2.0 Development Kit ... hcv@technical09:~$ ls -l /dev/bus/usb/001/ total 0 crw-rw-r-- 1 root root189, 0 Feb 27 09:15 001 crw-rw-r-- 1 root plugdev 189, 2 Feb 27 10:26 003 hcv@technical09:~$ cat /etc/udev/rules.d/55-hcv.rules ATTRS{idVendor}==04b4, ATTRS{idProduct}==8613, MODE=0664, GROUP=plugdev I belong to the plugdev group, so I can use the device without running as root. Henry -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
Sven Barth wrote: Am 27.02.2012 11:07, schrieb Mark Morgan Lloyd: I'd be happy to be proven wrong, but my understanding is that you do since there is one specific kernel call (in effect, telling the kernel to release an unrecognised device to an unprivileged program) that won't work otherwise. I already managed the following some time ago for a scanner that was not supported by SANE: * setup a Windows VM in QEMU * tell QEMU to pass the scanner to the VM If I now started the VM I became a permission denied error when it tried to open the corresponding dev node. Now I simply changed (at that time without udev rules, because they somehow didn't work as I wanted them to) the group of the corresponding device file (/dev/usb/{bus}/{device}) to a group my user is part of and Tada! it worked. So no, you don't need Root access for an unrecognized device. The reason it didn't work as expected might have been because the insertion of otherwise-unrecognised devices in /dev/usb is a comparatively recent feature. Checking, it's not in 2.6.18 (Debian Etch) but is in 2.6.32 (Debian Lenny). Allow for a few kernel steppings for it to actually /work/ :-) But to make those changes (and were they in the host or the guest?) you needed root access. So you've moved the problem rather than fixing it permanently. -- Mark Morgan Lloyd markMLl .AT. telemetry.co .DOT. uk [Opinions above are the author's, not those of his employers or colleagues] -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
Henry Vermaak wrote: On 27/02/12 10:07, Mark Morgan Lloyd wrote: I'd be happy to be proven wrong, but my understanding is that you do since there is one specific kernel call (in effect, telling the kernel to release an unrecognised device to an unprivileged program) that won't work otherwise. You need root permissions because libusb accesses the file /dev/bus/usb/%d/%d. The default permissions to these files are restricted to root by default, so udev is used so that known devices can be used by less-privileged users. E.g. usb printers, which will set the group to lp on my system (Debian). This is what I use at work for development with a Cypress FX2 board: hcv@technical09:~$ lsusb ... Bus 001 Device 003: ID 04b4:8613 Cypress Semiconductor Corp. CY7C68013 EZ-USB FX2 USB 2.0 Development Kit ... hcv@technical09:~$ ls -l /dev/bus/usb/001/ total 0 crw-rw-r-- 1 root root189, 0 Feb 27 09:15 001 crw-rw-r-- 1 root plugdev 189, 2 Feb 27 10:26 003 hcv@technical09:~$ cat /etc/udev/rules.d/55-hcv.rules ATTRS{idVendor}==04b4, ATTRS{idProduct}==8613, MODE=0664, GROUP=plugdev I belong to the plugdev group, so I can use the device without running as root. Thanks for the example. -- Mark Morgan Lloyd markMLl .AT. telemetry.co .DOT. uk [Opinions above are the author's, not those of his employers or colleagues] -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
On 27/02/12 11:13, Mark Morgan Lloyd wrote: The reason it didn't work as expected might have been because the insertion of otherwise-unrecognised devices in /dev/usb is a comparatively recent feature. Checking, it's not in 2.6.18 (Debian Etch) but is in 2.6.32 (Debian Lenny). Allow for a few kernel steppings for it to actually /work/ :-) The wiki page says it will work as far back as 2.6.13. Before then, hotplug was used, but don't ask me how that worked :) -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
On 27/02/12 11:34, Mark Morgan Lloyd wrote: Henry Vermaak wrote: On 27/02/12 11:13, Mark Morgan Lloyd wrote: The reason it didn't work as expected might have been because the insertion of otherwise-unrecognised devices in /dev/usb is a comparatively recent feature. Checking, it's not in 2.6.18 (Debian Etch) but is in 2.6.32 (Debian Lenny). Allow for a few kernel steppings for it to actually /work/ :-) The wiki page says it will work as far back as 2.6.13. Before then, hotplug was used, but don't ask me how that worked :) It might be in 2.6.13, but testing on a Debian SPARC Etch with 2.6.18 didn't so it might not have been enabled as standard until later. That's probably the case. They are quite conservative with new features! Henry -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
On Sun, Feb 26, 2012 at 14:38, ik ido...@gmail.com wrote: Hello, I'm trying to debug a program that I'm writing with Lazarus, and it require root privileges, but I do not want Lazarus to run as root, only the program itself for debug. How can I do that ? Working with gdbserver can solve this. I'll investigate this issue on the weekend and might send a patch to lazarus to support it Thanks, Ido -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
Am 27.02.2012 12:13, schrieb Mark Morgan Lloyd: Sven Barth wrote: Am 27.02.2012 11:07, schrieb Mark Morgan Lloyd: I'd be happy to be proven wrong, but my understanding is that you do since there is one specific kernel call (in effect, telling the kernel to release an unrecognised device to an unprivileged program) that won't work otherwise. I already managed the following some time ago for a scanner that was not supported by SANE: * setup a Windows VM in QEMU * tell QEMU to pass the scanner to the VM If I now started the VM I became a permission denied error when it tried to open the corresponding dev node. Now I simply changed (at that time without udev rules, because they somehow didn't work as I wanted them to) the group of the corresponding device file (/dev/usb/{bus}/{device}) to a group my user is part of and Tada! it worked. So no, you don't need Root access for an unrecognized device. The reason it didn't work as expected might have been because the insertion of otherwise-unrecognised devices in /dev/usb is a comparatively recent feature. Checking, it's not in 2.6.18 (Debian Etch) but is in 2.6.32 (Debian Lenny). Allow for a few kernel steppings for it to actually /work/ :-) At the time I tested this I run a 2.6.40 or so kernel (ArchLinux) so this was definitely not the problem ;) Nevertheless: though the udev rules failed the manual changing of the ownership on the host computer worked. But to make those changes (and were they in the host or the guest?) you needed root access. So you've moved the problem rather than fixing it permanently. These changes were on the host and the ownership only needs to be changed once after the scanner was plugged in (udev would have done that automatically, but as I didn't need the scanner that often the manual route was sufficient) otherwise QEMU will complain that it can't open the USB device file. Note: I did never look why my udev rule didn't work. Today this is no longer important as I now have a scanner that works with SANE. Also I don't see what you want to imply with moved the problem. The solution for accessing hardware devices without root access is to change their permissions one way or the other. You can do that either by udev rules, manually or in a startup script which is always run (and is run as root - like /etc/rc.local on ArchLinux) though in the last case the device needs ot be plugged in at startup. Regards, Sven -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
On Mon, Feb 27, 2012 at 15:56, Mark Morgan Lloyd markmll.laza...@telemetry.co.uk wrote: ik wrote: On Sun, Feb 26, 2012 at 14:38, ik ido...@gmail.com wrote: Hello, I'm trying to debug a program that I'm writing with Lazarus, and it require root privileges, but I do not want Lazarus to run as root, only the program itself for debug. How can I do that ? Working with gdbserver can solve this. I'll investigate this issue on the weekend and might send a patch to lazarus to support it If that would work then would accessing gdb via ssh be an alternative? I don't think it's the same. But I guess it is :) -- Mark Morgan Lloyd markMLl .AT. telemetry.co .DOT. uk [Opinions above are the author's, not those of his employers or colleagues] -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
On 2/27/2012 05:11, Sven Barth wrote: I'd be happy to be proven wrong, but my understanding is that you do since there is one specific kernel call (in effect, telling the kernel to release an unrecognised device to an unprivileged program) that won't work otherwise. I already managed the following some time ago for a scanner that was not supported by SANE: * setup a Windows VM in QEMU * tell QEMU to pass the scanner to the VM If I now started the VM I became a permission denied error when it tried to open the corresponding dev node. Now I simply changed (at that time without udev rules, because they somehow didn't work as I wanted them to) the group of the corresponding device file (/dev/usb/{bus}/{device}) to a group my user is part of and Tada! it worked. So no, you don't need Root access for an unrecognized device. why not just add your user(s) to that group the device was in? this would/should give the same access capabilities... or am i missing something else? -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
Am 27.02.2012 16:06, schrieb waldo kitty: On 2/27/2012 05:11, Sven Barth wrote: I'd be happy to be proven wrong, but my understanding is that you do since there is one specific kernel call (in effect, telling the kernel to release an unrecognised device to an unprivileged program) that won't work otherwise. I already managed the following some time ago for a scanner that was not supported by SANE: * setup a Windows VM in QEMU * tell QEMU to pass the scanner to the VM If I now started the VM I became a permission denied error when it tried to open the corresponding dev node. Now I simply changed (at that time without udev rules, because they somehow didn't work as I wanted them to) the group of the corresponding device file (/dev/usb/{bus}/{device}) to a group my user is part of and Tada! it worked. So no, you don't need Root access for an unrecognized device. why not just add your user(s) to that group the device was in? this would/should give the same access capabilities... or am i missing something else? The USB device files are by default created with root:root. I changed the one of my scanner to root:plugdev by hand (and yes, my user belongs to plugdev ;) ) Regards, Sven -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
On 2/27/2012 10:09, Sven Barth wrote: Am 27.02.2012 16:06, schrieb waldo kitty: why not just add your user(s) to that group the device was in? this would/should give the same access capabilities... or am i missing something else? The USB device files are by default created with root:root. I changed the one of my scanner to root:plugdev by hand (and yes, my user belongs to plugdev ;) ) ahhh! yes, i remember similar messes i dug into a while back... i should have remembered before writing... -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
On Sunday 26 of February 2012 13:49:08 Martin wrote: On 26/02/2012 12:38, ik wrote: Hello, I'm trying to debug a program that I'm writing with Lazarus, and it require root privileges, but I do not want Lazarus to run as root, only the program itself for debug. How can I do that ? I have not tried it, but maybe if you replace /usr/bin/gdb (in the IDE opions dialog) with sudo /usr/bin/gdb ? Of course that affects all projects. Yes, but sudo can ask for password ,so he'll be stucked there I think. zeljko -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
On Sun, Feb 26, 2012 at 15:05, zeljko zel...@holobit.net wrote: On Sunday 26 of February 2012 13:49:08 Martin wrote: On 26/02/2012 12:38, ik wrote: Hello, I'm trying to debug a program that I'm writing with Lazarus, and it require root privileges, but I do not want Lazarus to run as root, only the program itself for debug. How can I do that ? I have not tried it, but maybe if you replace /usr/bin/gdb (in the IDE opions dialog) with sudo /usr/bin/gdb ? Of course that affects all projects. Yes, but sudo can ask for password ,so he'll be stucked there I think. Treid to use kdesu but got the following: The debugger /usr/bin/kdesu /usr/bin/gdb does not exist or is not executable. See Tools - Options - Debugger options zeljko -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
Martin wrote: On 26/02/2012 12:38, ik wrote: Hello, I'm trying to debug a program that I'm writing with Lazarus, and it require root privileges, but I do not want Lazarus to run as root, only the program itself for debug. How can I do that ? I have not tried it, but maybe if you replace /usr/bin/gdb (in the IDE opions dialog) with sudo /usr/bin/gdb ? Of course that affects all projects. But afaik you can't use a starter app , because then gdb will attempt to debug the starter app I've had this sort of requirement in the past, specifically when using libusb (i.e. the program needed sufficient privilege to grab the device). I wonder whether setting either Lazarus or gdb setuid root would help? -- Mark Morgan Lloyd markMLl .AT. telemetry.co .DOT. uk [Opinions above are the author's, not those of his employers or colleagues] -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
On Sun, Feb 26, 2012 at 15:29, Mark Morgan Lloyd markmll.laza...@telemetry.co.uk wrote: Martin wrote: On 26/02/2012 12:38, ik wrote: Hello, I'm trying to debug a program that I'm writing with Lazarus, and it require root privileges, but I do not want Lazarus to run as root, only the program itself for debug. How can I do that ? I have not tried it, but maybe if you replace /usr/bin/gdb (in the IDE opions dialog) with sudo /usr/bin/gdb ? Of course that affects all projects. But afaik you can't use a starter app , because then gdb will attempt to debug the starter app I've had this sort of requirement in the past, specifically when using libusb (i.e. the program needed sufficient privilege to grab the device). I wonder whether setting either Lazarus or gdb setuid root would help? That's scars me a lot. Because it means that every program that is using gdb can raise it's privileges to root. I think that a better way, will be to set per project if the program should have different privileges for running inside Lazarus, and if so, then to use tools such as kdesu for example. -- Mark Morgan Lloyd markMLl .AT. telemetry.co .DOT. uk [Opinions above are the author's, not those of his employers or colleagues] -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] run program in ide with sudo for debug purpose
On Sunday 26 of February 2012 14:56:19 ik wrote: That's scars me a lot. Because it means that every program that is using gdb can raise it's privileges to root. I think that a better way, will be to set per project if the program should have different privileges for running inside Lazarus, and if so, then to use tools such as kdesu for example. workaround is to use gdb from console :) zeljko -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus