
The objective of my application is to control some LEDs on my embedded target from the Ethernet link. My embedded board supports the lighttpd web server. From this web server, I can run Python scripts that read from devices on my board with no problem. The problem comes when I try to write to those devices. The lighttpd server is running as the "www" group. My board's root user has no password. Any attempt I make to force the lighttpd server to run as root results in lighttpd not starting at all. So I made a C program to be called as a subprocess, elevated to root via sudo, from the Python script.

My C program that controls the LEDs:

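#include <iostream>
#include <string>
using namespace std;

// ledn() is defined elsewhere in the program and is not shown here.

int main(int argc, char* args[]) {
    string python_message = "";
    bool quit = false;

    // Read one command at a time from stdin; also stop at end of input,
    // so the loop cannot spin once the calling script closes the pipe.
    while (!quit && cin >> python_message) {
        if (python_message == "quit") {
            quit = true;
        } else if (python_message == "1") {
            ledn(1, "1");   // LED 1 on
        } else if (python_message == "2") {
            ledn(1, "0");   // LED 1 off
        } else {
            cout << "Huh?" << endl;
        }
    }
    return 0;
}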

The Python script that is in cgi-bin:

import sys
import time

print "Blinking User LED Program"

import subprocess
proc = subprocess.Popen(["sudo","/usr/bin/slave"], stdin=subprocess.PIPE, stdout=subprocess.PIPE)

print "1"
proc.stdin.write("1\n")
time.sleep(.5)
print "0"
proc.stdin.write("0\n")
time.sleep(.5)

If I comment out the proc.stdin and proc.stdout lines, my program runs and gives me all the print statement outputs. When those lines are there, I get a 500 server error.

  • Did you add the headers for CGI? print("content-type: text/html; charset=utf-8\n\n"); in the Python CGI? Also, you may want to import cgi in the Python script, the library for CGI scripts. It allows debugging and so on. Does your C program also run as CGI? (You will have to put the header there also.) Commented Dec 31, 2011 at 14:06
  • Wouldn't it be easier to change the permissions/ownership for the device so that www can do the writing? Just saying :) Commented Dec 31, 2011 at 14:38
  • Why not make the C program setuid? Commented Dec 31, 2011 at 14:42
  • Anyway, have a look at the lighttpd error log. If you're getting the 500 error, that's probably the Python script dying because of some error, and the traceback should be in the log. Commented Dec 31, 2011 at 14:43
  • The lighttpd logs are not there in var/log (this folder is empty). In lighttp.conf the setting is: server.errorlog= |/var/log/lighttpd/error.log". @RicardoCárdenes, how/where can I change permissions so that www can do the writing? Commented Jan 1, 2012 at 7:28

1 Answer

Ricardo Cárdenes's suggestion to change the ownership or permissions of the device is a good one, but if you can't do that, just make the Python script that lighttpd calls be a "setuid" script, meaning that lighttpd will invoke it as www but it will run as root.

I normally would not suggest making a script setuid (making a compiled C program setuid is a little less dangerous, maybe). But in your case you don't seem to be concerned about security (since you mentioned trying to run lighttpd as root), so I'd give it a shot. Just don't forget that your setuid script can then do anything it wants!


2 Comments

import pwd, os; uid = pwd.getpwnam('root')[2]; os.setuid(uid) is what I used to try to get the script to run as root. But I'm getting another 500 Server error here...
When someone says "make a script setuid" they usually don't mean to write more code. It's a permission bit in the Unix world. I've added a Wikipedia link in my answer.
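
The answer above contrasts a setuid script with a setuid compiled program. The following is an added example, not code from the question or the answer, of how narrow such a compiled helper can be kept: it accepts one allowlisted argument, opens a fixed device, and drops root before writing. The device path is a placeholder, and the "on"/"off" command names and all function names are assumptions made for illustration.

```c
/* Added example: narrow setuid-root LED helper (not the asker's program). */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumption: placeholder path; substitute the board's real LED device node. */
#define LED_DEVICE "/path/to/led/device"

/* Allowlist: only "on" and "off" (hypothetical command names) are accepted. */
const char *parse_command(const char *arg)
{
    if (arg == NULL) return NULL;
    if (strcmp(arg, "on") == 0) return "1";
    if (strcmp(arg, "off") == 0) return "0";
    return NULL;
}

/* Give up root for good: group first, then user, then confirm it is gone. */
int drop_privileges(void)
{
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0) return -1;
    if (getuid() != 0 && setuid(0) == 0) return -1; /* root came back */
    return 0;
}

/* Validate, open the device while still privileged, drop, then write. */
int set_led(const char *device, const char *arg)
{
    const char *value = parse_command(arg);
    if (value == NULL) return -1;
    int fd = open(device, O_WRONLY);
    if (drop_privileges() != 0 || fd < 0) {
        if (fd >= 0) close(fd);
        return -1;
    }
    int rc = (write(fd, value, 1) == 1) ? 0 : -1;
    close(fd);
    return rc;
}

int main(int argc, char *argv[])
{
    if (argc != 2 || set_led(LED_DEVICE, argv[1]) != 0) {
        fprintf(stderr, "usage: led-helper on|off\n");
        return 1;
    }
    return 0;
}
```

Because the helper takes its command from a single argument rather than a stdin loop, the only privileged action is the one open() call on the fixed path.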
