I am working in Ubuntu 14.04 I have an C++ application which I have compiled. I get the executable which name is "program". Well the thing is that this program use opencv and sockets then if I try to execute it in the terminal like this:
./program
I got this error:
listener: socket: Operation not permitted
setsockopt: Bad file descriptor
This error appear because I using socket and I need to run my application as root, so I tyoe this:
sudo ./program
This request my password and the program works propertly.
The thing is that I want to run this "program" automatically when I start my Ubuntu, but it does not work. I have another application the name is "camera" which only use opencv, no socket, then I do not need to run as root. So I put this application in the startup application of ubuntu and the "camera" application start at the begining without problem.
So I guess that my problem is that I need to run as root my "program", but I can not get it.
Someone could help me?
Many Thanks
You need to change the ownership of the program to root:root and use the setuid permission so that it runs with the permissions of its owner, not the user who invoked it.
sudo chown root:root ./program
sudo chmod a+s ./program
Now the program will run with root privileges for all users.
Hope that helps.
Side note: As a programmer you should strive to ensure that programs that run with root privileges are free of security holes, so that they're not vulnerable to buffer overflow exploits, etc.
Related
So I decided to follow this minecraft server guide, and I'm stuck on the part linked "Automate startup and shutdown procedures". It doesn't start the server. I have tried by replacing code with a simple mkdir, which works. So I know it is being executed.
Yet I can't connect to the screen screen -list, (both when going into sudo and my own user). I checked the /run/screen/ folder and there's no other user.
It means it's safe to say that it fails, and not something I set up wrong.
The code I am using is the exact copy without the mounting nor the backup.
#!/bin/bash
sudo su
cd /home/minecraft
screen -d -m -S mc java -Xms3G -Xmx7G -d64 -jar paper.jar nogui
Shouldn't this work?
EDIT: It works and I pasted the exact code I used. NOTE: I do use PaperMC, and a upgraded machine.
I tried minecraft server guide myself and its worked properly.
At the first time, I didnt find my mcs screen with screen -list but I remembered that GCE always executes startup scripts as root after the network is available.
So my next step was simply to change my user for root with the command sudo su and from this point, my mcs screen was available with screen -list.
note that you can also use sudo screen -list
I hope that will help, if not, what is your command output when its executed on your shell?:
screen -d -m -S mc java -Xms1G -Xmx3G -d64 -jar server.jar nogui
Linux C/C++ has open or fopen API, but created file are belong to process uid.
If we want to change owner/group of this file, we can use chown or fchown API after file created.
But, is there one API for creating file as another user, not two API ?
There is no Unix api dedicated for that, but you can change the current user to
other user before create the file, such as:
Make sure you have permission. The current effective user must be "root" OR set user or group ID on executable file.
Call setgid and setuid to other user.
Create the file.
Call setuid and setgid to old user if required.
Because the user is process-wide, if your program is multi-threaded, you may
need to fork a child process doing the steps I listed before.
But if you want non-root user (such as nobody) to run your program, you can give
the permission to your executable file:
sudo chown root:root ./your_app && sudo chmod gu+s ./you_app
Now you can call setuid(0) and setgid(0) to acquire root permission.
It's not possible in Linux.
Allowing this could cause some subtle security bugs (remote code execution, destroying files of other users, etc.) and therefore is not allowed.
Instead, please just run the process under sudo.
My Development Environment has already started after all the pre-requisites needed:
vagrant up
vagrant ssh
make membersrvc
make peer
But when trying to Start the membersrvc by doing membersrvc after coming into the folder $ cd $GOPATH/src/github.com/hyperledger/fabric, It is not Responding!
No Response even after One Hour!
Any suggestions?
This is exactly how membersrvc supposed to behave. when you execute membersrvc command you don't see any output whatsoever, however you can verify that it is running by opening a separate terminal window and running
ps -a | grep membersrvc
command.
Besides, as Sergey Balashevich commented, you also need to make sure that membersrvc is started and running beforepeer process will be able to get a valid certificate, which means that you need to start both membersrvc and peer process in separate terminal windows simultaneously.
If you want to run all the processes in a single terminal window you can execute them in background asmembersrvc > result 2>&1 & it will start the process and redirect both stdout and stderr to a result file which you can specify. If you don't care about the output at all - you can use /dev/null instead of specifying the file.
I am trying to launch a Qt message box every minute. I added a line in crontab to run the Qt program's executable and redirected the error output to a file in my home directory.
There is no problem with the Qt program that launches the message box because I tested it, but when I try to launch it with crontab the following error arises:
QXcbConnection: Could not connect to display
Aborted (core dumped)
I checked that over the internet and found a thread that might be helpful: https://unix.stackexchange.com/questions/148945/could-not-connect-to-display-in-one-user-account/149026#149026
I believe the first response gives the solution but it's not clear.
It suggests to use x11 to share the desktop and xauth to add security measures but doesn't specify how to configure them. I have xauth already installed but the error persists.
Any ideas about how to solve this problem?
I think the DISPLAY environment is missing. I suggest you wrap your application in a wrapper script (let's call it horloge.sh):
#!/bin/sh
DISPLAY=:0
export DISPLAY
/home/salwa/computing/cpp/horloge
Then put the horloge.sh in your crontab. Don't forget to do a chmod u+x horloge.sh so that the script is executable.
Make sure that the user that launches your app in the crontab line is you. Otherwise, it may not have permissions to use the X server.
I am developing a software in Qt in which I created a terminal. I run different commands through QProcess in that but when I run root commands it ask for password in terminal. I tried to run via sudo but it only accepts password in terminal. Is there any way to give password from another source like pop up widget or a text file?
I have created a QProcess with "bash" as program.
Then just write to it:
echo mypassword | sudo -S ifconfig eth0 192.168.1.123\n
You could try
Running your application as root (which is really a very bad idea, actually!)
Edit sudoers file and add the commands you want to run to this file. Then you can run these commands like sudo run_x_cmd with no password i.e, your QProcess can run these commands and you won't be asked for password.
Adding a password to a text file in order to source input for the command is a very bad idea, as it weakens security.
Version 1.8 of sudo provides a plugin architecture, which would allow you to link to it from your application and may provide a solution for you.
The SDK for the sudo plugin API can be found in the documentation .