Debugging in pyCharm with sudo privileges? - linux

I've tested code that requires root access in pyCharm by running sudo pycharm.sh but this is not the way I would recommend of doing so.
I know it's possible to debug with sudo privileges by running the python interpreter as sudo in pyCharm but how do we do this?

Create a shell script that does "sudo python" and forwards the arguments, and configure that script as a Python interpreter in PyCharm.
Name of this shell script should start with python (source: http://forum.jetbrains.com/message/PyCharm-424-3).

In PyCharm new version, it has a configure to run Python interpreter in root, no need workaround. See picture below. Check to checkbox: Execute code using this interpreter with root privileges via sudo

For what it's worth, I've managed run a python script with sudo priviledges (on Ubuntu 16.04) like this:
In the very first line in the script, define the interpreter like this:
#!/usr/bin/sudo python
Make the script executable:
chmod +x myscript.py
Run the script directly, without specifying the python interpreter yourself:
./myscript.py
The script will ask for sudo password and continue running with elevated priviledges.

I solved this problem by copying /usr/bin/python3 in my home, then setting cap_net_bind_service capability:
cp /usr/bin/python3 ~/python35-setcap
sudo setcap 'cap_net_bind_service=+ep' ~/python35-setcap
And then using ~/python35-setcap as python interpreter in pycharm.
This way, you can bind lower ports, but not any python 3 program can do it, and pycharm can still kill your script. You could also restrict execute permission to yourself if you want more security.

I have encountered the same problem trying to debug Bluetooth related code on a Raspberry Pi. I suppose, since you're doing remote debug on the device, that the device is for development use only. In such a case, in my humble option, you should permit ssh root login, so you can configure PyCharm to use the root user and you don't need to sudo. That's the solution I have chosen.
The following instructions are for a Raspberry Pi, but the procedure is the same for any Linux distribution:
First of all, add your public key to the authorized_keys:
cat ~/.ssh/id_rsa.pub | ssh pi#raspberrypi "mkdir -p ~/.ssh && cat >>
~/.ssh/authorized_keys"
Then login into the Raspberry Pi:
ssh pi#raspberrypi
Once you have a console copy your key into the root directory:
sudo mkdir /root/.ssh
sudo cp authorized_keys /root/.ssh/
Finally edit sshd_config adding PermitRootLogin without-password:
sudo vim /etc/ssh/sshd_config
Use your preferred editor.
Now you are able to ssh inside the Raspberry Pi as root:
ssh root#raspberrypi
Using root instead or pi user, give you the ability to run your code, even remotely, with root privileges, as
required by BlueZ.

I have encounter another way to solve this issue so I thought to share it (this answer is more like an alternative for the other answers).
It is worth to mention here that this solution "attacks" the problem by running only a certain Python script (within the pPyCharm IDE) in root mode , and not the entire PyCharm application.
1) Disable requiring password for running Python:
This will be achieved by editing the /etc/sudoers.d/python file. What we need to do is to add an entry in that file as follows:
user host = (root) NOPASSWD: full_path_to_python, for example:
guya ubuntu = (root) NOPASSWD: /usr/bin/python
NOTES:
user can be detected by the command: whoami
host can be detected by the command: hostname
2) Create a "sudo script": The purpose of this script is to give Python privilege to run as root user.
Create a script called python-sudo.sh , and add the following into it:
#!/bin/bash
sudo /usr/bin/python "$#"
Note again that the path is the path to your Python as the previous phase.
Also, this path is the path to Python2 on the system.
Don't forget to give execution permissions to this script using the command: chmod
chmod +x python-sudo.sh
3) Use the python-sudo.sh script as your PyCharm interpreter:
Within PyCharm go to: File --> Settings --> Project interpreter
At the right top hand side click the "setting" icon, and click "Add local".
In the browser option choose the python-sudo.sh script we have created previously. This will give PyCharm the privilege to run a Python script as root.
4) Debug the test: All there is left to do is actually debug the specific Python script in the PyCharm IDE. This can be done easily via Right-click on the script to debug --> hit Debug sample_script_to_debug.py

For those looking for a cleaner solution and don't mind entering a password each time.
Go to your Run Configuration > Edit Configurations
Under 'Execution', check the Emulate terminal in output console option.
This will allow you to debug a Python script while maintaining your current user and giving elevated sudo privileges to the script when it's needed. It also makes it easier to maintain different virtual environments if you work across multiple projects.

Terminal:
sudo ./Pycharm
this way you can start PyCharm as SuperUser

I follow the instructions here and success. But there is a problem that the PYTHONPATH is not valid when you use sudo. So when you edit with
sudo visudo -f /etc/sudoers.d/python
add that:
user host = (root) NOPASSWD:SETENV: /home/yizhao/anaconda3/bin/python
also your script should be:
#! /bin/bash
sudo PYTHONPATH=$PYTHONPATH /home/name/anaconda3/bin/python "$#"

Similar to what #Richard pointed out, the answer posted here worked for me
sudo /Applications/PyCharm.app/Contents/MacOS/pycharm on MacOS

Related

acess a protect folder using sudo in wsl

i'm using linux shell in my windows (wsl) and i'm trying to make a cd to a directory that needs permission.
I've saw some solutions here including using sudo su, to became a super user, but even with this code i'm not sucessful
sudo su
cd ./rootfs
I'm stuck in this problem fro a while, so what's is going on?
root#LAPTOP-FGSL14B2:/mnt/c/Users/giova/Appdata/Local/Packages/CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc/LocalState# cd ./rootfs
bash: cd: ./rootfs: Permission denied
It is a special folder, see: superuser.com/a/1446574/1083266
(I wanted to mark the question as a duplicate, but that is only valid for existing answers on stackoverflow)
I suspect that the folder you are trying to access required elevated permissions to view. Is the shell running as admin?
Sudo will not elevate the shell to allow for access to windows folders that the process does not have access to.
In the start menu right click the wsl or bash exe and select "run as admin" see if that works for you.

VS Code on linux, various permissions errors

Is there any way to get vs code to work properly in linux? I can't run sudo code . because that gives me an error saying it's not secure to do so, I can't do anything within the editor to force doing things, like staging a file in git, or reloading a newly installed extension. I've googled around, and it seems nobody else has posted about this, and it seems highly unlikely that I'm the first to raise issue about this. (Take it easy on me, I'm a relatively new linux user). I'm trying to figure this out on Ubuntu 18.04 if that's relevant at all. My version of vs code is 1.30.2
I guess my main question is what's the right way to get applications like vs code to be able to perform tasks that required doing things without fighting the OS about sudo and privileges?
Launch via sudo from terminal
To launch VSCode as root --which is highly discouraged-- you must specify an alternate user data directory as follows:
$ sudo code --user-data-dir /path/to/alternate/folder
VSCode will automatically generate the required folders in the selected directory and launch with root privileges.
Change permissions to fix "permission denied" error
The solution in this case is to manually change the permissions of the two directories /home/$USER/.config/Code/ and /home/$USER/.vscode/. Perform these steps:
$ sudo chmod 755 /home/$USER/.config/Code
$ sudo chmod 755 /home/$USER/.vscode
To answer your other question:
If you really need to run several commands as root and you are annoyed by having to enter your password several times (when sudo has expired), just do sudo -i and you'll become root.
If you want to run commands using pipes, use sudo sh -c "comand1 | command2".
You may also want to take a look at this Ask Ubuntu answer about running applications as root.
I solve this problem using:
sudo chown -R YOUR_USER YOUR_PROJECT/
You basically need to tell the OS that you are the owner of the files you create. Use sudo chown <user name> <projects directory>
However, if you already created some files before applying chown, don't forget to change their permission also sudo chown <user name> <projects directory>/<file name>.

Running Pycharm as root from launcher

How is it possible to run Pycharm from the launcher with root privileges?
I can do that from the terminal window, with sudo ./pycharm.sh, but I'd like to do the same directly from the launcher.
I have encountered another way to solve this issue so I thought to share it (this answer is more like an alternative for the other answers).
It is worth to mention that this solution "attacks" the problem by running only a certain Python script (within the PyCharm IDE) in root mode , and not the entire PyCharm application.
1) Disable requiring password for running Python:
Recommend using the visudo program to edit the file to ensure syntax is correct. Otherwise you may be locked out of using sudo.
visudo /etc/sudoers.d/python
What we need to do is add an entry in that file as follows:
user host = (root) NOPASSWD: full_path_to_python , for example:
guya ubuntu = (root) NOPASSWD: /usr/bin/python
NOTES:
user can be detected by the command: whoami
host can be detected by the command: hostname
2) Create a "sudo script": The purpose of this script is to give python privilege to run as root user.
Create a script called python-sudo.sh , and add the following into it:
#!/bin/bash
sudo /usr/bin/python "$#"
Note, again, that the path is the path to your Python as the previous phase.
Don't forget to give execution permissions to this script using the command: chmod, i.e.-
chmod +x python-sudo.sh
3) Use the python-sudo.sh script as your PyCharm interpreter:
Within PyCharm go to: File --> Settings --> Project interpreter
At the right top hand side click the "setting" icon, and click "Add local".
In the browser option choose the python-sudo.sh script we have created previously. This will give PyCharm the privilege to run a python script as root.
4) Debug the test: All there is left to do is actually debug the specific Python script in the PyCharm IDE. This can be done easily via Right-click on the script to debug --> hit "Debug sample_script_to_debug.py"
Try: gksudo ./path/to/pycharm/executable
More about gksudo
If you're on ubuntu and don't have gksudo install it using:
apt-get install gksu
Here is an example launcher configuration (under: ~/.local/share/applications/jetbrains-pycharm-ce.desktop):
[Desktop Entry]
Version=1.0
Type=Application
Name=PyCharm Community Edition
Icon=/home/YOUR_USER/pycharm/bin/pycharm.png
Exec=gksudo -k -u root "/home/YOUR_USER/pycharm/bin/pycharm.sh" %f
Comment=Develop with pleasure!
Categories=Development;IDE;
Terminal=false
StartupWMClass=jetbrains-pycharm-ce
ce indicates community edition, yours may differ.
As of this post (June 28 2018) I am running Pycharm-2018.1.4 on Ubuntu 18.04 Bionic Beaver. The solution that worked for me was to simply edit the sudoers.d file and add the following to the last line:
user host = (root) NOPASSWD: full_path_to_python
for example:
guya surface-pro = (root) NOPASSWD /usr/bin/python3.6
I had the need to run a script from PyCharm as root like the OP, but the accepted answer didn't work for me because 1.) I had installed PyCharm via flatpak and 2.) The gksu command isn't available on newer versions of Ubuntu and Mint.
I couldn't find a way to make things work consistently with the flatpak install so I uninstalled the PyCharm flatpak and then reinstalled PyCharm the "normal" way. The accepted answer relies on the gksu command which is not available on my OS (Mint 19.2). Thankfully pkexec is a suitable alternative and was already available on my system. I then updated my launcher file (~/.local/share/applications/PyCharm.desktop) as follows. The important bit is the Exec line:
[Desktop Entry]
Name=PyCharm
Exec=pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY /opt/pycharm-community-2019.2.2/bin/pycharm.sh
Comment=PyCharm
Terminal=false
Icon=/opt/pycharm-community-2019.2.2/bin/pycharm.png
Type=Application
The pkexec command will cause a popup to appear prompting you for your password each time you launch PyCharm via the .desktop file.
Here's a sample git repo that is a proof-of-concept for how to do this. Should be as simple as following the instructions in the README.md. My team needed to do this for one of our products and we used that as the workflow.
Hope this helps! https://github.com/samayer12/sudome
This answer builds upon the description here that was first pointed out by Ed Jones.
I have Pycharm-community 2020.
I edited the
/var/lib/snapd/desktop/applications/pycharm-community_pycharm-community.desktop
file with nano
just modified the Desktop Entry as follow:
[Desktop Entry]
X-SnapInstanceName=pycharm-community
Version=1.0
Type=Application
Name=root PyCharm Community Edition
Icon=/snap/pycharm-community/222/bin/pycharm.png
Exec=sudo env BAMF_DESKTOP_FILE_HINT=/var/lib/snapd/desktop/applications/pycharm-community_pycharm-community.desktop /snap/bin/pycharm-community %f
Comment=root Python IDE for Professional Developers
Categories=Development;IDE;
Terminal=false
StartupWMClass=jetbrains-pycharm-ce
StartupNotify=true
that is: added the sudo command in front of the EXEC item, put "root" in front of couple of fields (see above) and saved with a different name:
/var/lib/snapd/desktop/applications/root_pycharm-community_pycharm-community.desktop
now I have two icons in the launcher, one that is the standard and the other one with "root" as leading word in the description and runs as root.
Note:
the original desktop launcher (which is still there):
[Desktop Entry]
X-SnapInstanceName=pycharm-community
Version=1.0
Type=Application
Name=PyCharm Community Edition
Icon=/snap/pycharm-community/222/bin/pycharm.png
Exec=env BAMF_DESKTOP_FILE_HINT=/var/lib/snapd/desktop/applications/pycharm-community_pycharm-community.desktop /snap/bin/pycharm-community %f
Comment=Python IDE for Professional Developers
Categories=Development;IDE;
Terminal=false
StartupWMClass=jetbrains-pycharm-ce
StartupNotify=true

Permissions Error in Perl Script for Linux

I'm trying to install the Touchmouse server for Linux. The software is a perl script that I have tried to run via terminal, using the perl command. The software I'm trying to run is here: https://github.com/mycroes/touchmoused
This is the output from terminal:
:~/Desktop/touchmoused-master$ perl touchmoused
Can't open /dev/uinput: Permission denied at touchmoused line 242.
:~/Desktop/touchmoused-master$ Established under name '<name of computer>'
I am new to Linux but have some experience with Terminal.
Thanks!
From the creator of the script:
Just download it, chmod +x and run it (as root, it needs access to /dev/uinput and it wants to register with avahi).
Regards,
http://blog.mycroes.nl/2011/04/touchmoused-logitech-touch-mouse-server.html
Your user won't have permissions for /dev/uinput, also check that /dev/uinput is the correct location for your distribution, the script allows you to override this with the -device flag.
So either make it executable so you don't have to enter 'perl' and then run with sudo or have root run it on startup.

Best way elevate the privileges programmatically under different versions of Linux?

There is a standard way (working across Linux distributions) to launch a process (from another application) asking for the root password in order to elevate privileges?
I tried to use gksudo (it is installed in ubuntu by default), but under other distributions (or under other desktop manager) it may not be installed.
I would recommend looking at PolicyKit which is what most modern distros are using to accomplish this.
That works everywhere but does not cache the password and asks for the root and not the user password (as sudo does):
su - -c command
EDIT: Not on ubuntu where the root-account is disabled. Probably you need something like that:
test -x /usr/bin/sudo && sudo command || su - -c command
The only default thing is text mode su. Most distros have also sudo installed.
Now, in KDE based distros you'll have kdesu, while in GNOME based it'll be gksu and gksudo. Machines in Kerberized domains have ksu.
You might try to use /etc/sysconfig/desktop to see which is the default desktop.
Traditionally, if your application needs to allow a user to elevate privileges, it installs its own single-purpose setuid executable -- single-purpose meaning that it performs the task needed, instead of acting as a general-purpose launcher.
$ su -
# cp `type -p id` /usr/local/bin/root-id
# chown root:users /usr/local/bin/root-id
# chmod 4750 /usr/local/bin/root-id
$ /usr/local/bin/root-id
... euid=0(root) ...
OTOH setuid executables have also been a common source of security holes too, so exercise care.

Resources