Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • L2SS-1914-fix_job_dispatch
  • TMSS-3170
  • TMSS-3167
  • TMSS-3161
  • TMSS-3158-Front-End-Only-Allow-Changing-Again
  • TMSS-3133
  • TMSS-3319-Fix-Templates
  • test-fix-deploy
  • TMSS-3134
  • TMSS-2872
  • defer-state
  • add-custom-monitoring-points
  • TMSS-3101-Front-End-Only
  • TMSS-984-choices
  • SDC-1400-Front-End-Only
  • TMSS-3079-PII
  • TMSS-2936
  • check-for-max-244-subbands
  • TMSS-2927---Front-End-Only-PXII
  • Before-Remove-TMSS
  • LOFAR-Release-4_4_318 protected
  • LOFAR-Release-4_4_317 protected
  • LOFAR-Release-4_4_316 protected
  • LOFAR-Release-4_4_315 protected
  • LOFAR-Release-4_4_314 protected
  • LOFAR-Release-4_4_313 protected
  • LOFAR-Release-4_4_312 protected
  • LOFAR-Release-4_4_311 protected
  • LOFAR-Release-4_4_310 protected
  • LOFAR-Release-4_4_309 protected
  • LOFAR-Release-4_4_308 protected
  • LOFAR-Release-4_4_307 protected
  • LOFAR-Release-4_4_306 protected
  • LOFAR-Release-4_4_304 protected
  • LOFAR-Release-4_4_303 protected
  • LOFAR-Release-4_4_302 protected
  • LOFAR-Release-4_4_301 protected
  • LOFAR-Release-4_4_300 protected
  • LOFAR-Release-4_4_299 protected
40 results

src

  • Clone with SSH
  • Clone with HTTPS
    • user avatar
    BugID: 708
    wierenga authored 
    Write BS register unconditionally.
Write in Hz not MHz!
    ed0a7fdc
    History
    user avatar ed0a7fdc
    History
    Code owners
    Assign users and groups as approvers for specific file changes. Learn more.
    Name Last commit Last update
    ..
    BSWrite.cc
    BSWrite.h
    BWRead.cc
    BWRead.h
    BWWrite.cc
    BWWrite.h
    BstRead.cc
    BstRead.h
    CDOWrite.cc
    CDOWrite.h
    Cache.cc
    Cache.h
    Command.cc
    Command.h
    GetClocksCmd.cc
    GetClocksCmd.h
    GetRCUCmd.cc
    GetRCUCmd.h
    GetStatsCmd.cc
    GetStatsCmd.h
    GetStatusCmd.cc
    GetStatusCmd.h
    GetSubbandsCmd.cc
    GetSubbandsCmd.h
    GetVersionsCmd.cc
    GetVersionsCmd.h
    GetWGCmd.cc
    GetWGCmd.h
    GetWeightsCmd.cc
    GetWeightsCmd.h
    GetXCStatsCmd.cc
    GetXCStatsCmd.h
    Makefile.am
    RCUProtocolWrite.cc
    RCUProtocolWrite.h
    RCURead.cc
    RCURead.h
    RCUResultRead.cc
    RCUResultRead.h
    RCUWrite.cc
    RCUWrite.h
    README
    RSPDriver.cc
    RSPDriver.conf.in
    RSPDriver.h
    RSPDriver.log_prop.in
    RSPDriverPorts.conf.in
    RSUWrite.cc
    RSUWrite.h
    RawEvent.cc
    RawEvent.h
    RefCount.h
    RemoteStation.conf.in
    SSRead.cc
    SSRead.h
    SSWrite.cc
    SSWrite.h
    Scheduler.cc
    Scheduler.h
    SetClocksCmd.cc
    SetClocksCmd.h
    SetRCUCmd.cc
    SetRCUCmd.h
    SetRSUCmd.cc
    SetRSUCmd.h
    SetSubbandsCmd.cc
    SetSubbandsCmd.h
    SetWG.cc
    SetWG.conf.in
    SetWG.h
    SetWGCmd.cc
    SetWGCmd.h
    SetWeightsCmd.cc
    SetWeightsCmd.h
    SstRead.cc
    SstRead.h
    StationSettings.cc
    StationSettings.h
    StatusRead.cc
    StatusRead.h
    SyncAction.cc
    SyncAction.h
    TDSProtocolWrite.cc
    TDSProtocolWrite.h
    TDSResultRead.cc
    TDSResultRead.h
    TDS_program_plls.txt
    TDSi2cdefs.h
    Tuner.cc
    Tuner.conf.in
    Tuner.h
    UpdClocksCmd.cc
    UpdClocksCmd.h
    UpdRCUCmd.cc
    UpdRCUCmd.h
    UpdStatsCmd.cc
    UpdStatsCmd.h
    UpdStatusCmd.cc
    UpdStatusCmd.h
    UpdSubbandsCmd.cc
    README
    The RSPDriver and EPAStub programs both need access to raw ethernet sockets
to be able to send and receive raw ethernet packets. This README explains how
this has been achieved and what system configuration is needed to be able
to allow these programs raw ethernet access in a safe manner (from the
sysadmin perspective).

How to run as a normal user and still have access to raw ethernet
=================================================================

In order to have access to raw ethernet capabilities a Linux proces must:

1. run as root (geteuid()==0 && getuid() == 0), or
2. run as as setuid root  (geteuid() == 0 && getuid() != 0)

Option 1 is undesirable from a sysadmin point of view, it gives the program
too much permissions which can be dangerous w.r.t.the integrity of the system.

Option 2 can be cumbersome because during development everytime a new
binary is created the developer needs root permissions to make the binary
setuid-root again.

Therefore the following solutions has been implemented:

* RSPDriver and EPAStub run as setuid-root by configuring sudo (man sudo(8)) to
  allow specific users (e.g. the developers, the operational user) to run
  those programs as setuid-root. This is simply an alternative way of explicitly
  changing owner of the binary and making it setuid (chmod +s).

* RSPDriver and EPAStub will set their capabilities to "= cap_net_raw+ep"
  (man cap_set_proc(3)). And then change their euid (root) back to the
  uid (the user that invoked the program).

Example /etc/sudoers config:

-------%< cut here
# Cmnd alias specification
Cmnd_Alias      MAC=/opt/lofar/bin/RSPDriver,\
		    /opt/lofar/bin/EPAStub

# Defaults specification
Defaults:wierenga       stay_setuid # only change euid to 0 (root)

# User privilege specification
wierenga ALL=NOPASSWD: MAC
-------%< cut here

This allows user 'wierenga' to run RSPDriver and EPAStub as setuid-root without
specifying a password like this:
> sudo /opt/lofar/bin/RSPDriver
or
> cd /opt/lofar/bin
> sudo ./RSPDriver
or
> PATH=$PATH:/opt/lofar/bin
> sudo RSPDriver