Let's say we have an AWS instance with GPU capability. Also, only ec2-user/root users can install software on this server (nvidia drivers, CUDA, etc..). Now suppose ec2-user/root user types the command nvidia-smi and receives the following output:
Would a "regular" (non-root user or non ec2-user) user still get the same output? Or would he get something like NVIDIA-SMI has failed because it couldn’t communicate with the NVIDIA driver. Make sure that the latest NVIDIA driver is installed and running?
In other words, do regular users also have access to the GPU/CUDA if it has been installed by the root/ec2-user?
Yes, regular users should have access to GPU/CUDA, if you have not done anything unusual during the install. The only way you would get this kind of behavior mismatch (between root and ordinary user) would be if you had modified permissions on the device files. However a typical install will set permissions so that anyone can use the GPUs.
However even in the case where the device permissions are set in an unusual way, the difference would not result in that particular error message for the ordinary user, it would result in a permissions message.
That particular error message indicates a broken driver install, and the broken driver install will manifest itself for both root and ordinary users.
Note that the "broken driver install" statement here assumes you have already rebooted the instance, and are still seeing the message. If you have not yet rebooted the instance after driver install, that is recommended.
Related
I decided to try to run Cloud9 on an ARM server ("Graviton"). I created an EC2 t4g.medium instance and a key, made sure I could SSH into it as expected (no problem), and then created a Cloud9 SSH environment. It mostly seemed to install without issue aside from a mild complaint about Sqlite. When I opened the IDE, it was perfect. Terminals worked as expected, files saved, autoformatter autoformatted and the world was good.
Every subsequent time I have opened the IDE, however, it has just given me a loading spinner. After a lot of Googling I noted that this pattern has been seen before. I tried installing tmux, but that had no effect. See screenshot:
screenshot of cloud9 error message and spinning terminal
According to this document, graviton isn't officially supported: https://docs.aws.amazon.com/cloud9/latest/user-guide/ssh-settings.html#ssh-settings-requirements. Other things that might cause it to fail are if the instance isn't publicly accessible on the internet (ie on the public subset with port 22 open, or connectable through a jump host). Also, you'll probably want a security group that only allows traffic from Cloud9; see here: https://docs.aws.amazon.com/cloud9/latest/user-guide/ip-ranges.html.
Additionally, I found the Cloud9 installer doesn't mention needing to install gcc-c++ in addition to gcc.
Because I don't want my machine on the public subnet, I'm giving up and waiting until this is supported. But I hope this might give you some useful information.
I can't find documentation or examples of how use typeKeystrokesInGuest command of vmrun tool.
I tried send key code, like 30 and I try send Some text, but always got
Insufficient permissions in the host operating system. I think, I must give right permission, but I don't know where, and I don't know is I use described command in properly way.
If I remember right, vmrun uses the VIX API which is slated to be deprecated. A new option is to use the PutUsbScanCodes method that is available with the vSphere 6.5 API and does not have a dependency of VMware Tools running on the guest OS.
More information is available at the following: https://www.virtuallyghetto.com/2017/09/automating-vm-keystrokes-using-the-vsphere-api-powercli.html
Govc it's supposed to do this job as well I have found a bug which I'm hoping they'll fix soon
I'm writing a cross-platform app that I would like to run on Linux-based operating systems like Fedora and Ubuntu. I use QSerialPort and it works fine. I can use QSerialPortInfo to get a list of serial ports in the system and present them to the user who can select which one s/he wants to use.
However, on Linux systems, by default the user doesn't have permissions to the serial ports. I know that it is wrong to run my app with sudo and I also know that it is not user friendly to ask the user to run chmod 666 on the serial port manually every time the app is used. So I looked around and it seems to me that polkit is the answer, however I haven't been able to find any example which would show me how to do it.
Can you please tell me how to use polkit (formerly known as policykit) to request permission for my app to use a specific serial port?
EDIT:
What I'm looking for is a way to:
Check if the user has access to the serial port
If not, pop up a dialog that asks for permission (like the Gnome settings app for example)
If the user authenticated successfully, make the serial port available to the app.
Some more thoughts
I do NOT want to set up an udev rule that gives perimission to every serial port
I do NOT want to ask the user to run a script
I do NOT want my app to run as the superuser
I do NOT want any other actions performed as root, just the serial port access
Yes I've found the official polkit docs, but they are not very clear on how to do this.
General thinking:
It is not a good idea to try to make an application "universal".
I understand that you want your software to be easy to use, but for things like this (system's settings), you should rely on the system packagers.
At anytime, polkit can be replaced by another solution, or ressource's name can be changed, or whatever and your application would be no more usable.
I advise you to:
at most, raise a polkit windows that woulde ask for password
or better, to make distribution packages that will do the necessary tweaks through regular scripts
An idea
I didn't do it (but I played a lot in the past with pam :-) )
So here are links that I found and what I understood:
polkit acts the same way as sudo do: it allow you to run program with another identity (explanations)
so you can run your program either as root or as one having enough right access to the serial
So you could create:
an install script that allow to run your program with the good identity (e.g. example). That way you would ask root password once (at the install for creating the polkit policy), and each time the user wanted to run your program. That identity maybe root or any identity as long as that identity has R/W access.
a policy file: you can look either at 1 or documentation
a script for lauching your program containing something like this: pkexec <path>/<pgm>
Here are some pointers:
an admin guide to polkit: 3
(I'm a debian user but I like their docs)
the official documentation: https://www.freedesktop.org/software/polkit/docs/master/index.html
I'm trying to run an OpenGl program on an Amazon EC2 instance. When run on local computers it works fine, but when run through the remote desktop the program crashes and I've narrowed it down to the glCreateShader(GL_VERTEX_SHADER) call.
I researched this previously when running over remote desktop on a computer in the local network and the solution I found was to use a batch script that disconnected the session and started the OpenGL exe. Then when you logged back on it was fine. tscon 1 /dest:console
Unfortunately now this seems not to work when trying to run on the Amazon instance. Does anyone have any experience with OpenGL issues over remote connections?
glCreateShader is one of the functions which location must be obtained at runtime using a …gl…GetProcAddress call. This call will give a valid pointer only if the function is actually supported by the installed OpenGL driver. Also even if the function is supported by the driver, the actual feature accessed by the function may not be supported by the device/OpenGL context you're using.
It's mandatory you're checking the validity of the function address assert(glCreateShader); and that the function is actually supported (OpenGL version >= OpenGL-2.0 or GL_ARB_vertex_shader and GL_ARB_fragment_shader in the list of extensions).
I'm trying to run an OpenGl program on an Amazon EC2 instance.
Virtual machines normally don't have a GPU available. The functionality you're requesting is not available without a GPU in a standard Windows installation. As a workaround, however with largely reduced performance, you can build and install the Mesa3D opengl32.dll software rasterizer alongside your program's .exe (do not install in the system path!).
We wrote a Windows device driver to access our custom PCI card. The driver uses CreateFile to get a handle to the card.
We recently had trouble at one installation were the card appeared to stop working. We tried replacing the card (the replacement appeared not work either). The computer vendor replaced the motherboard and both cards still failed to work. We put the cards in a different computer and both worked fine.
We now have the computer at our office for examination. The Windows Device Manager lists our card in Other Devices as usual and says it's working fine. However, our driver initialization fails when it attempts to connect to the card.
We created a test version of our driver with some extra debugging and determined that CreateFile is failing. It returns INVALID_HANDLE_VALUE as it is supposed to on failure. GetLastError indicates the error is Access is Denied.
Since we're logged into the system as a local administrator, what can deny access to the device?
You may want to try with a "Checked" build of the Windows kernel. This is a debug build that has much more diagnostic information available through a debug channel. Last time I used one (years ago), the build was available on MSDN, but my info is possibly out of date.
This doesn't sound like a device driver, CreateFile() is only available in a regular Win32 app. That also matches the error, device drivers are not subjected to security restrictions like Win32 apps are.
Yes, you may have trouble opening handles to devices with CreateFile(). I think the user account at least needs to have SE_BACKUP_PRIVILEGE. There were also changes in Vista, review the CreateFile docs, section "Physical disks and volumes" for the rules. The best place to find security gurus that can show you how to edit the account privileges is a serverfault.com