cymplecy / scratch_gpio

Code for scratch_gpio_handler
42 stars 23 forks source link

Feature request: the ability to run without sudo #15

Closed threepistons closed 6 years ago

threepistons commented 6 years ago

I have 300 Pis with networked accounts via LDAP and I cannot grant sudo access to every user. Home folders are on NFS with root_squash enabled so root cannot write to home folders. In any case, having the default project be in "/home/user0001" doesn't let the other users see it.

Therefore, I am interested in a version of this that can run without sudo and puts the sample and default project somewhere world-readable.

I will make a fork and see what I can do. However, I am new to Python and would appreciate any help that anyone can give.

threepistons commented 6 years ago

My first question: which branch and commit ID should I branch from to create a new feature? I believe that a common convention is to use the last tagged release, but you have no tags. I wish to avoid the merge problems found in #3.

cymplecy commented 6 years ago

Hello Your main problem here is that I just do this for fun and know nothing about LDAP NFS root squashed etc etc :)

However, running sudo-less shouldn't be too much of a problem and I'm more than willing to give it a go

Basically, in the early days of Pi, you needed sudo to control GPIO pins - this restriction was removed about 2 years ago but I've never bothered changing anything as I subscribe to the "if its not broke - don't fix it" philosphy

So, Let me have quick play and see what happens

Do you have a suggestion as to "world-readable" location (one that would would for the majority standalone users as well as networked ones)

If you can't wait for me to have a go - the main stable release branch is v8

My code is appalling so I highly recommend you let me have a go first to save your sanity :)

Do you use any particular add-on boards or are we talking basic leds/switches etc

I'm very keen for physical computing to be used in education so I will put some effort into this for you

Where are you based if you don't mind me asking? I'm in UK

dcorking commented 6 years ago

For a world-readable install, I suspect it is worth making it into a pip package, so that a pip install (as su) puts it in site-packages. It looks like there is some learning curve for that.

cymplecy commented 6 years ago

I've avoided making it a package to avoid that curve :) I think @threepistons wants the sample projects in a world-readable location - I think the program location of /opt/scratchgpio is acceptable to them

threepistons commented 6 years ago

Where are you based if you don't mind me asking? I'm in UK

I work at Newcastle University supporting the School of Computing. Part of our teaching equipment is a fleet of 300 Pis running Raspbian Jessie permanently bolted to the classroom desks in Shortcrust cases with the lids left off (to allow access to the GPIO pins whilst preventing removal of the SD card). We could not maintain these Pis in a consistent, teaching-ready state if we let everyone have sudo access.

know nothing about LDAP NFS root squashed etc etc :)

The important outcome of how we manage these Pis is that root cannot write into a user's home folder. Root does have access to the rest of the filesystem and I can use Puppet to run any kind of scripted installer in a scalable way, add users to the gpio group, etc.

Do you have a suggestion as to "world-readable" location (one that would would for the majority standalone users as well as networked ones)

A folder in /opt is a common convention for any software package that isn't shipped with apt/yum/pip/$your-favourite-package-manager. A folder in /usr/share is also a reasonable place for data associated with a package where the rest of the package is elsewhere.

Do you use any particular add-on boards or are we talking basic leds/switches etc I'm very keen for physical computing to be used in education so I will put some effort into this for you

So are we! The installation request has come from our Teaching Innovation group who run outreach programs and hence have some Year 5 pupils coming to learn with the Pis and Pibrella boards. They are willing to lend me a Pibrella for testing, there is a Pi on my desk already.

My working day ends now, but I will look at the startup script some more tomorrow. I have the bash knowledge to copy the default project into the user's home folder unless it is already there, but only if they are running the startup script without sudo.

I am puzzled about the I couldn't find a Mesh session at host: 127.0.0.1, port: 42001 message I get if I take the sudo out of the startup script. I can't yet find any other reference to it in the repo.

cymplecy commented 6 years ago

"I am puzzled about the I couldn't find a Mesh session at host: 127.0.0.1, port: 42001 message I get if I take the sudo out of the startup script. I can't yet find any other reference to it in the repo."

That's why I'm suggesting leaving it to me to make it run sudo-less :)

As the author - its going to take me a lot less time than you to get it working.

Your knowledge will come with sorting out default user folder for Scratch

cymplecy commented 6 years ago

There doesn't seem to be any problem with altering the launch scripts to miss off the sudo before the python - it can still control the pins :) e.g /opt/scratchgpio8/scratchgpio8.sh `#!/bin/bash

Version 0.2 - add in & to allow simultaneous running of handler and Scratch

Version 0.3 - change sp launches rsc.sb from "/home/pi/Documents/Scratch Proje$

Version 0.4 - 20Mar13 meltwater - change to use provided name for home

Version 1.0 - 29Oct13 sw - change to cd into simplesi_scratch_handler to run s$

sudo pkill -f scratchgpio_handler cd /opt/scratchgpio8 python scratchgpio_handler8.py 127.0.0.1 standard & scratch --document "/home/pi/Documents/Scratch Projects/rsc.sb" & ` My problem is that I use sudo pkill to make sure no other instance of scratchgpio_handler.py is running prior to launching it

its probably possible to amend that so that it checks if the handler is already running and only launches if its not presently running

However, that is how I ensure that even if the handler has encounted an unexpected error and one of its threads halts - it will all be sorted out by users simply re-launching from desktop icon

in your use situation (simple addon like Pibrella that doesn't use i2c etc) then its 99.9% certain that it won't error out

I'll see what I can come up with

I'm thinking way forward is for me to create a fork of v8 called v8network and then we can work on that branch

cymplecy commented 6 years ago

PS I'm from Newcastle with relatives to stay at :) so I'm more than willing to pop up and work on site with you to get this running :) I only work Thurs pm (I'm newly retired) so Mon,Tue,Wed or Fridays would be fine by me :)

cymplecy commented 6 years ago

JFI - My first ever computer experience is when our A level maths teacher managed to get our class, 4 Monday afternoons sessions at your place in 1976 (using a Nova mini-computer IIRC) - it was the pivotal moment in my computing career :)

threepistons commented 6 years ago

its probably possible to amend that so that it checks if the handler is already running and only launches if its not presently running

However, that is how I ensure that even if the handler has encounted an unexpected error and one of its threads halts - it will all be sorted out by users simply re-launching from desktop icon

At the moment, the handler is left running after Scratch exits. One of the things I have tried is to ensure that it closes afterwards.

cymplecy commented 6 years ago

At the moment, the handler is left running after Scratch exits. One of the things I have tried is to ensure that it closes afterwards.

Good idea :) And since the process isn't running under root anymore - pkill doesn't need sudo so we all good

Is rsc.sb getting loaded OK or do I need to change the installer to put it somewhere else?

And - how are you actually installing ScratchGPIO - one at a time on each Pi or do you just create a master image and push it out?

threepistons commented 6 years ago

ATM I am installing it by hand to the one on my desk. When I am happy with how it works, I will create a Puppet module that will automate the installation to a select few (to check that the Puppet works) and then the rest.

This afternoon, I will clone and retest your latest v8net and then send you the changes needed to cope with world-readable default projects.

cymplecy commented 6 years ago

You seem to have it all in hand - so I'll leave it to you - come back to me if you need anything else :)

threepistons commented 6 years ago

Hello. I'm not sure how your build process works. I'm trying to put the changes into the installer archive but the build.sh isn't doing it. How do I build the installer archive?

threepistons commented 6 years ago

How do I build the installer archive?

I have since seen the $1 argument. Sorry...

cymplecy commented 6 years ago

example cd installer ./build.sh 8newcastle

would produce install_scratchgpio8newcastle.sh

in the installer folder

When that installer is run on end user system - it would create an /opt/scratchgpio8newcastle folder and add two desktop icons to launch standard and plus versions

Simon

On 12 January 2018 at 17:52, threepistons notifications@github.com wrote:

Hello. I'm not sure how your build process works. I'm trying to put the changes into the installer archive but the build.sh isn't doing it. How do I build the installer archive?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/cymplecy/scratch_gpio/issues/15#issuecomment-357306908, or mute the thread https://github.com/notifications/unsubscribe-auth/ACP4tDoBKNTqxReja7XpjSMsXJFV489pks5tJ5vGgaJpZM4RTONY .

cymplecy commented 6 years ago

the installer builder itself is in payload and called installer.sh

That's the file that needs modifying to modify the actual installer script

On 12 January 2018 at 18:09, threepistons notifications@github.com wrote:

How do I build the installer archive?

I have since seen the $1 argument. Sorry...

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/cymplecy/scratch_gpio/issues/15#issuecomment-357308125, or mute the thread https://github.com/notifications/unsubscribe-auth/ACP4tMjD2jqMptvnHZFYKNHsDrH-eaX3ks5tJ51IgaJpZM4RTONY .