Ask Your Question
5

Launch node with root permissions

asked 2014-05-15 03:30:27 -0500

Hendrik Wiese gravatar image

Hi guys,

I need to launch a specific node with root permissions. The reason is that I need to reset a USB device under specific circumstances (sometimes the device crashes and requires to be reset). Invoking the appropriate ioctl system call requires root permissions.

I'd like to launch that node through roslaunch. However it should be the only node to get into god mode.

The user ROS runs under is in a sudoer. Any idea on how to acheive that?

Thanks a lot!

Cheers, Hendrik

edit retag flag offensive close merge delete

Comments

open a new terminal beside others, run >sudo -s ,then > roslaunch

lanyusea gravatar imagelanyusea ( 2014-05-15 03:38:45 -0500 )edit

But this way all nodes run as root, don't they?

Hendrik Wiese gravatar imageHendrik Wiese ( 2014-05-15 03:55:19 -0500 )edit

I don't think so, you just root the current terminal session, i.e. the current node. others are still running without root.

lanyusea gravatar imagelanyusea ( 2014-05-15 03:59:37 -0500 )edit

But I launch all my nodes with a single roslaunch call. What you supposedly mean is rosrun...

Hendrik Wiese gravatar imageHendrik Wiese ( 2014-05-15 04:02:15 -0500 )edit

1 Answer

Sort by ยป oldest newest most voted
14

answered 2014-05-15 07:27:21 -0500

ahendrix gravatar image

This can be done using the roslaunch launch-prefix option in the node tag. For example, if you user has passwordless sudo enabled, you could try:

<node pkg="my_pkg" type="my_node" name="my_super_node" launch-prefix="sudo"/>

If you don't want to set up passwordless sudo, and your node doesn't change very often, you could try setting the setuid bit on it, so that it runs as root even if started by a non-root user. The only trouble with this is that you'll have to reset the permissions whenever your node changes, and it generally won't be deployable through debs, and it will only work for compiled nodes; not for scripts.

cd devel/lib/my_pkg     # cd to the directory with your node
chown root:root my_node # change ownship to root
chmod a+rx my_node      # set as executable by all
chmod u+s my_node       # set the setuid bit

Note that both of these methods will unset LD_LIBRARY_PATH before executing your node (it's a security feature of glibc). This means that your node will either need to be statically compiled, or you'll need to turn on RPATH during the compilation process, so that the library search path is included in your executable rather than relying on the environment to be set up correctly.

edit flag offensive delete link more

Comments

Sounds promising. Is it possible to use passwordless sudo even with a Python node? I'm okay with passwordless sudo.

Hendrik Wiese gravatar imageHendrik Wiese ( 2014-05-16 03:23:03 -0500 )edit

Yes, I think passwordless sudo with a python node should work. You may want to check that sudo is configured to pass the PYTHONPATH variable.

ahendrix gravatar imageahendrix ( 2014-05-16 06:03:21 -0500 )edit

I know this old question, but I got stuck on that issue for some days.

Could someone please be more specific how this is solved, especially concerning the staical compilation and turning on the RPATH?

Wedigo gravatar imageWedigo ( 2015-07-31 09:13:30 -0500 )edit
ahendrix gravatar imageahendrix ( 2015-08-08 16:24:31 -0500 )edit

Thank you for the link.

I found a solution before you posted this. I added the needed environment variables to the sudo prefix in the .launch file. It works for now....

Wedigo gravatar imageWedigo ( 2015-08-10 05:10:32 -0500 )edit
3

if using sudo as the launch-prefix, it may be necessary to use sudo -E to preserve the ROS environment variables.

suforeman gravatar imagesuforeman ( 2017-01-20 10:50:58 -0500 )edit

hi ! how can I do the reverse of the command line 4 instructions set ? This broke my node and I don't understand the following documentation well enough to do the compilation part of the fix. Between, I'm trying to solve this

Blupon gravatar imageBlupon ( 2017-08-02 08:22:26 -0500 )edit
1

You can remove the setuid bit with sudo chmod u-s my_node

ahendrix gravatar imageahendrix ( 2017-08-02 12:12:15 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

2 followers

Stats

Asked: 2014-05-15 03:30:27 -0500

Seen: 12,575 times

Last updated: May 15 '14