We’re developing a URCap for a device which requires a DHCP address served to it over Ethernet (there is no way to set a static IP address for this device). We’d like to connect an Ethernet cable directly between this device and the UR Control box, keeping both off the company network. So in this configuration, the device and the UR Control box are the only two nodes on a closed network (ie, there is no DHCP server). Is it acceptable to employ a DHCP server on the UR Control box? If so, can this be deployed as a part of a UR Cap?
The challenge I am faced with is the fact that a DHCP server needs to bind to a local, privileged port (67). In Linux, only the root user can bind a listener to a port lower than 1024. From what I can tell, the robot processes and any URCap daemons all run as a non-privileged user (“ur”). When a non-root user such as “ur” tries to bind a listener to port 67 to listen for DHCP requests, an OS error is thrown, saying that there is insufficient permission to do so.
To clarify, what I’m trying to do is to set up a DHCP server on the robot controller itself to serve IPs to other devices that connect to it via a direct Ethernet connection.
Any further help that you can give to me would be much appreciated!
Every process with the setuid bit set (see setuid on the net) have the owner right. So a chown root and a chmod 4755 to the file will be OK (to be done in sudo mode).
To be done with something like https://github.com/crossbowerbt/dhcpserver
Or just install isc-dhcp-server
Thanks, Frederic – I was able to get this to work. However, it requires manually running commands on the robot controller, which I wanted to avoid. In order to make installation as easy as possible for our URCap customers, I was hoping to have the URCap handle this setup itself during installation of the URCap.
Here are three ways to do what I want which would work manually, but not automatically through a URCap install:
As you mentioned, chown root and setuid root the dhcp server application on the robot controller. This works by entering these commands manually, but I see no way to have this encapsulated into a URCap for automated installation. Ie, I’d really like to avoid having my customers type any Linux commands when installing our URCap.
Running the command: setcap ‘cap_net_bind_service=+ep’ /path/to/dhcp_server will work as well, but again, this command needs to be run one time as root on the robot controller. I see no way to automate this ina URCap installation.
Calling sudo from a thread in the URCap itself would allow me to run any process as root – However, by default, the robot controller’s OS has the /etc/pam.d/sudo config set to require a tty when running sudo. However, the URCap does not have a tty when it runs, and therefore we cannot use sudo – unless the user has changed the configs under /etc/pam.d/sudo. I see no way to automate this from a URCap installation.
Perhaps I am trying to make it too easy for our customers? Is it generally acceptable that an end user must change config files or run Linux commands on the robot controller when installing a URCap?
libpcap is installed … certainly required by Profinet.
So working at the Ethernet level (writing by hand the IP & UDP header) is maybe a solution
have you resolved this issue ? We are trying to make similar thing for our URcap.