ioperm: Operation not permitted

**j1s** · 09-11-2009

Hi.

Sorry if this is of topic....

I have made a program that controls some step-motors on the parallel port. Everything is working fine when I use the command

Code:

sudo ./cam-control

But...

When I try to run the program as a normal user...

Code:

./cam-control

I get the following error:
ioperm: Operation not permitted

I think it has something with reading/writing to the parallel port.

How do I let normal users run this program?

j1s

**Rubberman** · 09-11-2009

Low-level io calls are privileged - they have to be run by root. This is to keep badly written user applications from munging the system to a FUBAR state. I'm not sure if making root the owner of the process will help, but normally what I would do here is to create a server process run by root (or sudo'd) that does the actual port manipulations (kind of like a print server), and have my applications send messages to the server that tell it what ports to twiddle. If you don't want the IPC overhead that entails, then you can make root the owner of the process and enable the setuid bit on it ( chmod +s procname ). Bear in mind that this is a security hole and only do that if you have carefully vetted the process and make it only executable by members of the camcontrol group (for example).

**j1s** · 09-12-2009

Thank You. I will try to chmod +s procname (/dev/lp0 ?)

j1s

**CSMG Sarma** · 09-14-2009

Originally Posted by j1s

Thank You. I will try to chmod +s procname (/dev/lp0 ?)

No, you don't have to do that. try "ppdo" for parallel port and "iodo". I am not clear about iodo but ppdo can help you. All you have to do is

$ ppdo procname (/dev/lp0)

cheers,
Sarma

**Rubberman** · 09-14-2009

Originally Posted by CSMG Sarma

No, you don't have to do that. try "ppdo" for parallel port and "iodo". I am not clear about iodo but ppdo can help you. All you have to do is

$ ppdo procname (/dev/lp0)

cheers,
Sarma

What distribution is that for? They don't seem to be valid commands for RHEL/CentOS.

**CSMG Sarma** · 09-18-2009

Originally Posted by Rubberman

What distribution is that for? They don't seem to be valid commands for RHEL/CentOS.

Sorry for the delayed response,
I am working on Debian 5.0 system.

**tetsujin** · 09-18-2009

Originally Posted by CSMG Sarma

No, you don't have to do that. try "ppdo" for parallel port and "iodo". I am not clear about iodo but ppdo can help you. All you have to do is

$ ppdo procname (/dev/lp0)

cheers,
Sarma

I have Debian - I don't have that command and I don't know in what package it might be found...

But, I can explain how it probably works:

Basically, as has been mentioned, the calls which grant IO permissions to processes are restricted to the superuser - so to run them you either need to be logged in as root, or you need to run a SUID root binary to get those privileges...

The man pages for ioperm and iopl describe the conditions in which the permissions granted may be inherited by other processes: ioperm() doesn't make it across a fork() call, but it does make it past an exec() call. So ppdo presumably is a SUID root binary which calls ioperm() then sets your UID to remove all root privileges, then calls exec() for the program you wanted to run in the first place...

**j1s** · 09-18-2009

Didn't work for me...

When I chmod -s cam-control I get an error telling me that the port is not accessible.

My installastion is a Ubuntu 9.04 with build-essentals

Thread Tools

Display

ioperm: Operation not permitted

Posting Permissions