I have EV3 Lego Mindstorms and I instaled on it ev3dev operating system. I set the connection with the PC via SSH and using PuTTY I started to "programming". I used the cat > test2.py and wrote this code:
#!/usr/bin/env python3
import ev3dev.ev3 as ev3
motor = ev3.LargeMotor('outA')
motor.run_timed(time_sp = 1000, speed_sp = 500)
I saved the file and initialized it using ./test2.py. I got this output:
-bash: ./test2.py: Persmission denied
What caused it and what should I change?
try this:
sudo python3 test2.py
that will allows you to open almost anything in linux
Use ls -la ./test2.py in order to see the file permissions.
Look at the beginning of the output, you'll see something like this:
-rw-rw-r--
The first - means if is a directory or a file. In this case means that is a file.
Now If you observe the remaining chars there are 3 sets of 3 chars with means the permissions for the owner of the file, the owner group and the last set is for the rest of the users.
We have permissions to read, write and execute and in the example I showed there are read and write permissions for the owner user and the owner group but non permissions for the other users.
As Is said above you can just use sudo every time you execute the script but to run it with root privileges. However I would recommend you change your file permissions and using chmod
sudo chmod +x ./test2.py
This will let you execute the script. Take a look at chmod documentation to learn more: https://help.ubuntu.com/community/FilePermissions
Related
I recently upgraded to Mac Big Sur and have noticed my Python 3.8 cron jobs have stopped working. Under my own account in a bash shell, I can run this without issues ...
davea$ cd /Users/davea/Documents/workspace/article_project; source ./venv/bin/activate; python3 manage.py check_duplicates
In my crontab, I had this set up, which used to work before the upgrade ...
*/5 * * * * /bin/bash -l -c 'cd /Users/davea/Documents/workspace/article_project; source ./venv/bin/activate; python manage.py check_duplicates >> /Users/davea/logs/record2.txt 2>&1'
However, after the upgrade, I'm noticing my command is never run and I see this issue in my log file
/Library/Frameworks/Python.framework/Versions/3.8/bin/python3: can't open file 'manage.py': [Errno 1] Operation not permitted
These are the permissions/groups on my "manage.py" file ...
davea$ ls -al manage.py
-rwxrwxr-x 1 davea staff 866 Apr 15 2019 manage.py
What else do I need to do to get my cron job to run again?
Turns out with the new Mac OS there is an extra level of permissions that need to be enabled. In System Preferences, under Security and Privacy, I clicked the Privacy tab, and then added "cron" to the "Full disk Access" list
then the cron jobs ran without the permissions error.
I think in this case, python3 is considered as "any user" and with the -rwxrwxr permission it only have right to read the file, try to run chmod 775 manage.py in your folder to add permission to manage.py to be executed by "any user" (rigths should be set to -rwxrwxr), hope it can help.
EDIT: technically, read permission should be enough for python to run a file, but I can't see another reason why this error would appear, and I would be interested if you find one
This looks like a SIP or other mac-specific access permissions error, especially since it was right after an upgrade. Could be: https://osxdaily.com/2018/10/09/fix-operation-not-permitted-terminal-error-macos/
I've also had lots of problems working with venvs with cron, could be related to this: https://stackoverflow.com/a/7031758/13113166
It's also weird that the error comes from /Library/Frameworks/Python.framework/Versions/3.8/bin/python3 when i think it should come from your venv if it's activated correctly.
When a command is executed via subprocess.run, what permissions is the command executed with? Is it the permissions of the enclosing python file? Is it user permissions?
For example, if a python file were run with sudo:
sudo python3 file.py
and file.py contained the line
subprocess.run([ 'chmod', '+x', 'file.sh' ])
Would chmod be run with super user permissions?
Intuitively, it should, because, through sudo, you are giving the script itself superuser permissions - this means that the commands it runs would be effectively performed by the superuser.
However, to verify, let's do a little experiment.
test.py
import subprocess
subprocess.run('whoami')
(Now, on the terminal)
$ sudo python test.py
root
$
So, chmod will run with superuser permissions, yes.
I have followed a few posts on here trying to run either a python or shell script on my ec2 instance after every boot not just the first boot.
I have tried the:
[scripts-user, always] to /etc/cloud/cloud.cfg file
Added script to ./scripts/per-boot folder
and
adding script to /etc/rc.local
Yes the permissions were changed to 755 for /etc/rc.local
I am attempting to pipe the output of the file into a file located in the /home/ubuntu/ directory and the file does not contain anything after boot.
If I run the scripts (.sh or .py) manually they work.
Any suggestions or request for additional info to help?
So the current solution appears to be a method I wrote off in my initial question post as I may have not performed the setup exactly as outline in the link below...
This link -->
How do I make cloud-init startup scripts run every time my EC2 instance boots?
The link shows how to modify the /etc/cloud/cloud.cfg file to update scripts-user to [scripts-user, always]
Also that link says to add your *.sh file to /var/lib/cloud/scripts/per-boot directory.
Once you reboot your system your script should have executed and you can verify this in: sudo cat /var/log/cloud-init.log
if your script still fails to execute try to erase the instance state of your server with the following command: sudo rm -rf /var/lib/cloud/instance/*
--NOTE:--
It appears print commands from a python script do not pipe (>>) as expected but echo commands pipe easily
Fails to pipe
sudo python test.py >> log.txt
Pipes successfully
echo "HI" >> log.txt
Is this something along the lines that you want?
It copies the script to the instance, connects to the instance, and runs the script right away.
ec2 scp ~/path_to_script.py : instance_name -y && ec2 ssh instance_name -yc "python script_name.py" 1>/dev/null
I read that the use of rc.local is getting deprecated. One thing to try is a line in /etc/crontab like this:
#reboot full-path-of-script
If there's a specific user you want to run the script as, you can list it after #reboot.
I've got a python script named test.cgi in /Library/WebServer/CGI-Executables. I have an index.html file in /Library/WebServer/Documents. My html file contains a form that posts to the CGI script and that works fine. When my script attempts to write a file I get the following error:
It doesn't matter what I specify as the output dir, I get the same error message. I've tried changing the permissions on the cgi-bin folder and the script but that doesn't work either. Any suggestions?
On Linux, a web server normally runs as an unprivileged user and group. Often user=www-data and group=www-data, but it depends on your setup. The CGI inherits this user and group.
To create a file as www-data you need to ensure the directory is writable to that user.
One common way is to make sure that the directory is in group www-data and writable. The following commands are an example:
$ chgrp www-data /Users/user/Documents/pictures
$ chmod g+rwx /Users/user/Documents/pictures
This will only work if you are yourself in group www-data (or root).
You might want to make existing files in that directory writable:
$ chgrp www-data /Users/user/Documents/pictures/*
$ chmod g+rw /Users/user/Documents/pictures/*
You also need to check that all the directories above /Users/user/Documents/pictures are accessible to www-data. So chgrp/chmod them as well if they are not open to anyone.
Looks like you don't have the write permissions at some point along the way to /Users/user/Documents/pictures/lol.jpg - you should modify permissions in there accordingly (whilst bearing in mind security implications)
I have a problem. I am writing a piece of software, which is required to perform an operation which requires the user to be in sudo mode. running 'sudo python filename.py' isn't an option, which leads me to my question. Is there a way of changing to sudo half way through a python script, security isn't an issue as the user will know the sudo password the program should run in the following way to illustrate the issue
program running as normal user
...... performing operations
user enters sudo password
user changed to sudo
sub program requiring sudo permission is run
on trigger even (end of sub program) user becomes normal user again
...... performing operations
My problem lies in step 3, any pointers or frameworks you could suggest would be of great help.
Cheers
Chris
It is better to run as little of the program as possible with elevated privileges. You can run the small part that needs more privilege via the subprocess.call() function, e.g.
import subprocess
returncode = subprocess.call(["/usr/bin/sudo", "/usr/bin/id"])
Don't try and make yourself sudo just check if you are and error if your not
class NotSudo(Exception):
pass
if os.getuid() != 0:
raise NotSudo("This program is not run as sudo or elevated this it will not work")
I've recently dealt with this problem while making a system installation script. To switch to superuser permissions, I used subprocess.call() with 'sudo':
#!/usr/bin/python
import subprocess
import shlex
import getpass
print "This script was called by: " + getpass.getuser()
print "Now do something as 'root'..."
subprocess.call(shlex.split('sudo id -nu'))
print "Now switch back to the calling user: " + getpass.getuser()
Note that you need to use shlex.split() to make your command usable for subprocess.call(). If you want to use the output from a command, you can use subprocess.check_output(). There is also a package called 'sh' (http://amoffat.github.com/sh/) that you can use for this purpose.
Use Tcl and Expect, plus subprocess to elevate yourself. So basically it's like this:
sudo.tcl
spawn sudo
expect {
"Password:" {
send "password"
}
}
sudo.py
import subprocess
subprocess.call(['tclsh', 'sudo.tcl'])
And then run sudo.py.
If you are able to encapsulate just the necessary functionality requiring elevated privileges in a separate executable, you could use the setuid bit on the executable program, and call it from your user-level python script.
In this way, only the activity in the setuid-executable run as root, however executing this does NOT require sudo, i.e., root privileges. Only creating/modifying the setuid-executable requires sudo.
There are a few security implications, such as ensuring that your setuid executable program properly sanitizes any user input (e.g., parameters), so that it cannot be tricked into doing something it should not (confused deputy problem).
ref:
http://en.wikipedia.org/wiki/Setuid#setuid_on_executables
edit: setuid only seems to work for compiled executables (binaries), and not interpreted scripts, so you may need to use a compiled setuid wrapper.
You can use setuid to set the users uid. But for obvious security reasons you can only do this if you are root (or the program has suid root rights). Both of these are probably a bad idea.
In this case you need to sudo rights to run a specific program. In that case just sub to "sudo theprogram" instead.
import subprocess
subprocess.check_output("sudo -i -u " + str(username) + " ls -l", shell=True).decode("utf-8").strip()
Not sure how this would help you, and it does not answer the question, yet, it is a workaround to think about when you run into a needed "root" user problem and you need to be "root" only to read / write in a folder or file.
You can then change the permissions and also switch them back afterwards. I had this in a docker-compose file that started a Python script that deployed an application to a server. This workaround was the only way how I got it to run. I do not even need to change the permissions from the container bash, instead, the script does that, and only the password is needed twice.
Before this workaround, I tried to change to the root user and then execute large blocks of code with that root user, to no avail.
run("ls -ld /usr/local/my_project/")
run("sudo chmod o+wx /usr/local/my_project/")
run("ls -ld /usr/local/my_project/")
my_code_that_needed_root_rights_and_now_runs_without_root_user()
run("sudo chmod 774 /usr/local/my_project/")
run("ls -ld /usr/local/my_project/")
And the output:
[server_connection] run: ls -ld /usr/local/my_project/
[server_connection] Login password for 'my_user':
[server_connection] out: drwxrwxr-- 45 root 100005 4096 Apr 25 13:52 /usr/local/my_project/
[server_connection] out:
[server_connection] run: sudo chmod o+wx /usr/local/my_project/
[server_connection] out: [sudo] password for my_user:
[server_connection] out:
[server_connection] run: ls -ld /usr/local/my_project/
[server_connection] out: drwxrwxrwx 45 root 100005 4096 Apr 25 13:52 /usr/local/my_project/
[server_connection] out:
[...]
[server_connection] run: sudo chmod 774 /usr/local/my_project/
[server_connection] out: [sudo] password for my_user:
[server_connection] out:
[server_connection] run: ls -ld /usr/local/my_project/
[server_connection] out: drwxrwxr-- 46 root 100005 4096 Apr 25 14:02 /usr/local/my_project/
[server_connection] out:
After this, the server folder had the same permissions as before, and the code did not need the root user to run through.
Are you talking about having the user input password half way through your execution? raw_input() can take a user input from console, but it will not mask the password.
>>>> y = raw_input()
somehting
>>> y
'somehting'