CRIO tips: Running Linux Commands As Root From LabVIEW
Neil Crossan was one of the people responsible for the forum posts around setting up a Virtual CRIO, which I previously posted about. He saw my post and sent me some more tips and tricks. I thought I would share some of them with you here. Many thanks to Neil for sharing his knowledge. Also, general Linux knowledge is really helpful. If you want to brush up, here is a good book.
Linux uses privileges to determine which user can run which commands. It’s a security thing. If an account gets taken over, you want to limit the damage it can do. Normally if you were to ssh into a cRIO you could log in as admin with an empty password. That would give you root access which allows you to run any command. The security implications of this should be obvious, so PLEASE immediately change the password for the admin account using the
passwd command. Don’t lose your new password. If you do, you can recover but it requires a call to NI and reformatting your cRIO.
Normally you could ssh in as admin and run any command you want, but what if you want your LabVIEW program to execute a shell command? Well you can use trusty old System Exec. You pass it the command you want and it will run it. It works great until you try to run a command that requires root privileges.
Why? LabVIEW RT code runs as lvuser, which is an unprivileged user. That is a lot of commands won’t run as lvuser. How do we get around that? In the terminal you can use
su admin to switch to the admin user and run the command. However that won’t work with System Exec, since it requires a terminal to manually enter the password. The answer is sudo.
Sudo allows us to prefix a command with
sudo in order to run it as root. To set it up first log in as admin. Install sudo with
opkg install sudo. Then we need to add lvuser to the sudoers list. The command below will add a line to the sudoers file which grants lvuser permission to run any command as root, simply by prefixing the command with sudo.
echo 'lvuser ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers"
Be careful with this. If you make a typo, it can hose your sudoers file which can cause all kinds of problems. A safer way to do this is to use the visudo command. That will open the sudoers file in a special text editor. It will check for typos when you close and prevent you from hosing the file. You can use visudo and add
lvuser ALL=(ALL) NOPASSWD: ALL to the bottom of the file and save it.
Either way, once lvuser is set in the sudoers file then anytime you want to run a command that requires root access via System Exec, just prefix it with sudo.
NOTE: This technique allows lvuser to run any command that requires root privileges without a password. This could be dangerous. Not just from a security point of view but also just from the fact that it gives you the ability to run commands that could hose your system. So a. be careful and b. you may want to limit what commands lvuser can run as root without a password. If you Google sudo and the sudoers file you’ll find information on how to do that.
Here is a forum post with some more details on setting up sudo.
If you would like help setting up a CRIO system and using Linux RT, give us a call. We’d be glad to talk about how we can help.