ros2: start node with sudo rights
Hi,
as I have some nodes on a Raspi requiring access to the hardware, some of my nodes need to be started with sudo rights.
The easiest, but imho undesirable solution, is to open a shell with sudo -s
and afterwards start the node. However, this is not really user-friendly. Is there a better solution for that? As mentioned in this post, launch-prefix
may be used. However, this is a solution for ROS1. I gave it a try, and this results in errors. If I set the launch-prefix to either sudo
or sudo -E
, the following error occurs:
[INFO] [launch]: Default logging verbosity is set to INFO
[INFO] [led_strip_node-1]: process started with pid [20011]
[led_strip_node-1] Traceback (most recent call last):
[led_strip_node-1] File "/home/pi/vehicle_workspace/install/vehicle_hardware/lib/vehicle_hardware/led_strip_node", line 33, in <module>
[led_strip_node-1] sys.exit(load_entry_point('vehicle-hardware', 'console_scripts', 'led_strip_node')())
[led_strip_node-1] File "/home/pi/vehicle_workspace/install/vehicle_hardware/lib/vehicle_hardware/led_strip_node", line 22, in importlib_load_entry_point
[led_strip_node-1] for entry_point in distribution(dist_name).entry_points
[led_strip_node-1] File "/home/pi/vehicle_workspace/env/lib/python3.7/site-packages/importlib_metadata/__init__.py", line 549, in distribution
[led_strip_node-1] return Distribution.from_name(distribution_name)
[led_strip_node-1] File "/home/pi/vehicle_workspace/env/lib/python3.7/site-packages/importlib_metadata/__init__.py", line 206, in from_name
[led_strip_node-1] raise PackageNotFoundError(name)
[led_strip_node-1] importlib_metadata.PackageNotFoundError: vehicle-hardware
[ERROR] [led_strip_node-1]: process has died [pid 20011, exit code 1, cmd 'sudo -E /home/pi/vehicle_workspace/install/vehicle_hardware/lib/vehicle_hardware/led_strip_node --ros-args'].
Thanks in advance! urczf
Asked by urczf on 2021-01-19 10:10:56 UTC
Answers
Hi there,
This launch config works for my use case (Raspberry Pi 4 - ROS2 Galactic - run node as root with access to GPIO). You might need to add your user to /etc/sudoers to skip password prompt.
from launch import LaunchDescription
from launch_ros.actions import Node
def generate_launch_description():
return LaunchDescription([
Node(
package='my_package',
executable='my_node',
namespace="",
name='my_node',
# Launch the node with root access (GPIO) in a shell
prefix=["sudo -E env \"PYTHONPATH=$PYTHONPATH\" \"LD_LIBRARY_PATH=$LD_LIBRARY_PATH\" \"PATH=$PATH\" \"USER=$USER\" bash -c "],
shell=True,
),
])
Asked by francisc0garcia on 2022-04-18 12:10:10 UTC
Comments
Wouldn't the 'best' solution be to make sure the user starting the ROS nodes has the access rights, instead of starting a whole node with
root
privileges?What about writing a
udev
rule which allows a certain group read/write access? And then make your$USER
a member of that group.That's a very common approach which completely removes the need for running ROS nodes as
root
(which from a security perspective is not a very nice thing to do).Asked by gvdhoorn on 2021-01-19 12:33:09 UTC
The questen is why do you need root rights, because it is not windows so you could solfe the problem buy adding you user to some groups.
Asked by duck-development on 2021-01-19 13:50:14 UTC
Isn't this exactly what I wrote in my comment?
Asked by gvdhoorn on 2021-01-19 14:09:46 UTC
We need to access
/dev/mem
which is not possible with udev rules. By adding$USER
to theroot
group would imply that by default I have alwayssu
rights, which is not what I want.Asked by urczf on 2021-01-20 11:12:18 UTC
Are these GPIOs you're trying to access? I remember similar questions but in a ROS 1 context and I believe the solution was to use
/dev/gpiomem
instead of/dev/mem
directly.As to your issue: it's likely the environment of your process is getting sanatised, leading to the
PYTHONPATH
no longer containing the required packages.Asked by gvdhoorn on 2021-01-20 11:36:34 UTC