[Xastir] Help with permissions

Rob Noll rob at nollmail.com
Tue Aug 15 13:21:45 PDT 2017 

Good afternoon,

 

My name is Rob, WX1N, and I've been a ham for around 25 years.  I'm new to
APRS and not experienced with Linux.  I'm hoping someone can provide me with
some advice on what I hope is a simple question.

 

I am using Xastir, a Raspberry Pi 3, and a Mobilinkd TNC.  I am still
getting things fine tuned but I have the overall setup operational.

This setup is located in my pickup and as such does not always have internet
access.  The Raspberry Pi does not have a real clock, and therefore if it is
started without internet access, the date and time are incorrect.  This
results in an invalid timestamp on my packets, which results in them not
showing on aprs.fi.

 

It appears I can attempt to solve this in a number of different ways - set
the SUID bit on the Xastir binary so Xastir can set the system time; set up
GPS software that will masquerade as an NTP server allowing the Pi to set
the clock from the GPS itself; run a batch script at startup to manually
read the GPS and set the system time; configure Xastir to use the "fixed
station" option so it does not send a time stamp; figure out which command
Xastir uses to set the time and configure the Pi to allow any user to use
that command.

 

I was successful in getting the Pi to allow any user to use the "date"
command, but this did not enable Xastir to set the system time, so it must
use a different method.  I have the GPS working fine with Xastir so I don't
want to set up scripts or utilities and risk monopolizing the GPS device so
that Xastir can't connect to it.  As near as I can tell, the "fixed station"
option sends an APRS location only packet without timestamp, which I suppose
would work but doesn't seem like a proper solution.

 

At the moment, my solution is to set the SUID bit on the Xastir binary.
This is allowing Xastir to set the system time and seems to solve my
problem.  However, I'm unclear as to whether this is an excessive security
risk and/or a bad method of doing things.  One Xastir page mentions that
this method is necessary to use an AX.25 server, but another page mentions
in capital letters not to run Xastir as root.  I do not know if setting the
SUID bit is the same as running it as root but it seems like it would be.

 

If anyone could shed some light on whether my method is a good practice or
not, whether it's practically safe or not, and whether there's a better way
to solve my original problem, I would be grateful.

 

73,

 

Rob, WX1N

More information about the Xastir mailing list