[etherlab-users] Call control executable as user without admin rights
Richard Hacker
ha at igh.de
Wed Apr 2 15:33:58 CEST 2014
Am 04/02/2014 03:06 PM, schrieb Martin Troxler:
> On 02.04.2014 14:42, Matthias Liermann wrote:
>>
>> Hello,
>>
>> We use Etherlab 2.0 for the automation of a hydraulic test rig. We
>> would like to give users without admin rights the permission to
>> execute control programs which have been built with the Simulink coder
>> and the etherlab toolbox. We set the udev rules from the etherlab
>> documentation to allow user permission for the Ethercat device.
>>
>> KERNEL ==" EtherCAT [0 -9]*" , MODE ="0664" , GROUP =" users "
>>
>> When calling the executable we get the error message:
>>
>> mlockall() failed: Cannot allocate memory
>>
>> Setting SCHED_FIFO with priority 99 failed: Operation not permitted
>>
>> We can change the capability of the executable with setcap (sudo
>> setcap cap_ipc_lock=ep ./Test2ndOrderSystem). But this doesn’t help
>> because we need administrator rights to change that too.
There are three steps that need root capabilities when starting a real
time EtherLab application:
1) Opening EtherCAT
2) Call to mlockall()
3) set scheduling policy to SCHED_FIFO
>>
>> Thank you, Matthias Liermann
>>
> Hi,
>
> Add your user to a group 'realtime', then add a file
> 'realtime_limits.conf' to /etc/limits.d containing
> @realtime - rtprio 99
> @realtime - memlock unlimited
>
> You can also specify a user in a limits.conf file by omitting the @ sign.
Limits are implemented using pam_limits.so, but on our system (openSUSE
12.2) the configuration lies under /etc/security/limits.conf and
/etc/security/limits.d/*.conf
- Richard
More information about the Etherlab-users
mailing list