On Fri, Jan 09, 2004 at 10:22:46AM -0500, Herbert Graf wrote:
> > >>>> I have a script on a linux machine that runs a program that
> > >>>> accesses the
> > >>>> parallel port. It seems that I can only access the port as
> > >>> root. The problem
> > >>>> is I'd like to run the script as apache (in the cgi-bin).
> > >>>>
> >
> > I've heard of a similar problem addressed by simply changing the 'file'
> > protection of /dev/whatever-the-parallel-port-is-called to permit
> > non-root access.  Have you tried that?
>
>         I changed the access to lp0 (and an entry called parport0) to xwr for all
> users, still the same problem. I believe this is the case since the program
> isn't accessing the port through the lp0 mechanism. Thanks, TTYL

Correct. This is a classic ioperm issue. And it makes sense because one does
not want random non root programs to have direct I/O port access.

The way this is typically done is:

1) Write a suid wrapper in C that opens the ports, then drops the execution
   back to the ordinary user.
2) Then have the wrapper call the original program using exec. Since it
   replaces the same process, and that process has ioperm permissions, then
   resulting program can then access the ioports.

Note that non of this works with scripts, because scripts are interpreted by
other programs. So you'll have to pay close attention if this is a Perl,
Python, or shell script. Your exec will have to involk the interpreter
directly.

It's not easy on purpose. Direct I/O port access is a violation of modern OS
boundaries. SUID can create security holes big enough to drive a truck through.

Hope this helps,

BAJ

--
http://www.piclist.com hint: The PICList is archived three different
ways.  See http://www.piclist.com/#archives for details.