Duet3D Logo Duet3D
    • Tags
    • Documentation
    • Order
    • Register
    • Login

    block config [SBC mode]

    Scheduled Pinned Locked Moved Solved
    Tuning and tweaking
    3
    7
    235
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Tinchusundefined
      Tinchus
      last edited by dc42

      Hi. Is there a way to block the edition of config.g file? I was thinking on loging in ssh and change permissions of the file. I tried that, changed the user to root and group to root (I know, not the best security practice but was just a test). I gave the file only reading permissions so the dsf user would still be able to read it, then I tried to edit the file through DWC and the edition was posible, I saved the file. I though it would not be possible... then in the ssh console I saw the user and group were reversed to dsf...
      Ideas?
      Thanks in advance.
      Objective is to avoid students to change the configuration

      dc42undefined chrishammundefined 2 Replies Last reply Reply Quote 0
      • dc42undefined
        dc42 administrators @Tinchus
        last edited by

        @Tinchus as you mentioned SSH I presume you are running the Duet with attached RPi or other Single Board Computer. Can you confirm that?

        Duet WiFi hardware designer and firmware engineer
        Please do not ask me for Duet support via PM or email, use the forum
        http://www.escher3d.com, https://miscsolutions.wordpress.com

        Tinchusundefined 1 Reply Last reply Reply Quote 0
        • Tinchusundefined
          Tinchus @dc42
          last edited by

          @dc42 Sorry, my bad. Im using duet3 in SBC mode (raspberry pi 3 B+), 6 printer on this config, rrf 3.4.6

          dc42undefined 1 Reply Last reply Reply Quote 0
          • dc42undefined
            dc42 administrators @Tinchus
            last edited by

            @Tinchus I've asked @chrishamm to respond.

            Duet WiFi hardware designer and firmware engineer
            Please do not ask me for Duet support via PM or email, use the forum
            http://www.escher3d.com, https://miscsolutions.wordpress.com

            1 Reply Last reply Reply Quote 0
            • chrishammundefined
              chrishamm administrators @Tinchus
              last edited by

              @Tinchus You should be able to remove the write flag for config.g (sudo chmod -w /opt/dsf/sd/sys/config.g via SSH), then nobody should be able to modify that file again. Users in standalone mode can remove the SD card, insert in a PC, and set the "read-only" flag for config.g using right-click -> file properties if they need a similar limitation.

              Duet software engineer

              Tinchusundefined 1 Reply Last reply Reply Quote 0
              • Tinchusundefined
                Tinchus @chrishamm
                last edited by Tinchus

                @chrishamm Hello. Thta was what I tried at second try: removing all W permissions (my forst try was to change the owner of the file to root).
                None of both solutions worked, I can still modify the config.g throught the web interface, cant figure it out why, since the interface seems to be running under the dsf user

                After running the file is like this:

                -r--r--r-- 1 dsf dsf 6129 Dec 11 15:55 config.g

                After editing the file throught the web interface, permissions are somehow restored:

                -rw-r--r-- 1 dsf dsf 6130 Dec 11 16:00 config.g

                And if I change W permission and also the ownership to root and group root, edition is still posible but the file is moved into a backup:

                -rw-r--r-- 1 dsf dsf 6129 Dec 11 16:03 config.g
                -r--r--r-- 1 root root 6130 Dec 11 16:00 config.g.bak

                1 Reply Last reply Reply Quote 0
                • Tinchusundefined
                  Tinchus
                  last edited by

                  Solved: the solution is using the inmutable bit on the file

                  1 Reply Last reply Reply Quote 0
                  • Phaedruxundefined Phaedrux marked this topic as a question
                  • Phaedruxundefined Phaedrux has marked this topic as solved
                  • First post
                    Last post
                  Unless otherwise noted, all forum content is licensed under CC-BY-SA