SysProcess Execute Command unable to run commands with special characters

jackm
2022-12-01
2025-09-12
  • jackm - 2022-12-01

    Hello,

    I am using SysProcessExecuteCommand to run linux commands through Codesys, and have no issues when Command=AllowAll. However, when I try to limit the commands allowed to execute, any commands with a special charater (ex. "*", ";", or "|") no longer works. I receive a pResult of 25 (INT), which from my research means "No access rights for this operation".

    Just as an example, the command 'find /Test_Folder/*.v' would execute fine with Command=AllowAll, but will not execute when given a Command.0=find instead. The find command will still execute in both situations if the * is removed.

    Below are what I have written in the CODESYSCONTROL.cfg file:
    [SysProcess]
    Command.0=cd
    Command.1=ls
    Command.2=find
    Command.3=iptables
    Command.4=echo
    Command.5=touch
    Command.6=printf
    Command.7=ftp
    Command.8=|
    Command.9=;
    Command.10=*
    Command.11=\
    *
    Command.12=\;
    Command.13=\|

    I am currently using Codesys V3.5 SP16 Patch 4 and running version 3.6.16.0 of the SysProcess Implementation Library. The device I'm running is CODESYS Control for Linux SL

    Can I get help on how to allow the use of special characters in my commands?

    Thanks,

     

    Last edit: jackm 2022-12-04
  • tomas111 - 2022-12-02

    Did you manage to solve the issue?

     
  • jackm - 2022-12-02

    No, I have not figured out a way to resolve this issue yet.

     
  • tomas111 - 2022-12-03

    I have a general problem with temperature. Raspberry 4. I did everything as in the settings but does not show. Maybe I'm editing the file in the wrong way?

     
  • tomas111 - 2023-04-22

    tried on version CS 18 SP4 with targeter 4.7.0.0?

     
  • edson-bueno - 2025-05-20

    Hi,

    I found the same issue, and I fixed with this steps:
    1st go to codesys .cfg file.

    sudo nano CODESYSControl.cfg

    Then insert this:
    [SysProcess]
    BasePriority=Realtime
    Command=AllowAll

    Now we need to grant codesys root rights on Linux.

    Step 1:
    Create or edit the systemd override configuration:
    sudo systemctl edit codesyscontrol

    In the editor that opens, insert:
    [Service]
    User=root

    Save and exit:

    Press Ctrl+O to save

    Press Ctrl+X to exit

    Step 2: Reload systemd and reboot
    To apply the override:
    sudo systemctl daemon-reexec
    sudo systemctl daemon-reload
    sudo reboot

    Step 3: Confirm CODESYS is running as root
    After reboot, open the terminal and run:
    ps aux | grep codesyscontrol

    You should see something like:
    root 1234 ... /opt/codesys/bin/codesyscontrol.bin ...

    If instead it shows admin or another user, the override was not applied correctly.

    Step 4: (Optional) Confirm from within CODESYS
    In your CODESYS project, insert this test code to run the Linux command whoami:

    Make sure the lib SysProcessImplementation, SysTypes, and CmpErrors is on the project.

    VAR
    sCommand : STRING := '/usr/bin/whoami';
    sOutput : STRING(255);
    refCommand : REFERENCE TO STRING;
    refOutput : REFERENCE TO STRING;
    resultCmd : UDINT;
    END_VAR

    refCommand REF= sCommand;
    refOutput REF= sOutput;

    SysProcessExecuteCommand2(
    pszCommand := refCommand,
    pszStdOut := refOutput,
    udiStdOutLen := SIZEOF(sOutput),
    pResult := ADR(resultCmd)
    );

    Notes & Warnings
    This method gives full system access to the CODESYS runtime β€” do not expose this system to the public network without protection.

    Do not use sudo in commands inside CODESYS when the runtime is already running as root.

    @tomas111, in case you want to read the temperatur, use this command:
    sCommand:STRING:='/usr/bin/vcgencmd measure_temp';

     
  • kurtk - 2025-09-12

    Thank you for this additional information.
    Could you please provide the references to the official documentation
    where you found this information ?

    I got as far as:

    Then insert this:
    [SysProcess]
    BasePriority=Realtime
    Command=AllowAll

    devoid of references of where the CodesysContol.cfg file
    was located or of the need to run codesys as root
    I incrementally located bits of information with perplexity searches but remained mired at error 25 ERR_NO_ACCESS

    I am curious whether root access is MANDATORY to run
    SysProcessExecuteCommand (- and/or any other SysProcess functions)
    or if a more access-constrained
    User=quasiroot
    could suffice without the security concerns ?

    Apparently codesys runs fine without User=root for almost everything...
    That raises the question: What IS the default codesys user ?

    I notice in the prototypes:
    VAR
    sCommand : STRING := '/usr/bin/whoami';
    sOutput : STRING(255);
    refCommand : REFERENCE TO STRING;
    refOutput : REFERENCE TO STRING;
    resultCmd : UDINT;
    END_VAR

    whenever I attempt to build this Codesys v3.5 SP2 whines that
    "cannot convert type REFERENCE TO STRING to STRING"
    don't remember the exact message...
    Apparently this happens whenever a fixed-length string is
    involved. if I get rid of (255) and just
    set the string := ' '; that is sufficient to make the compiler happy.
    Is this a recently enforced constraint ?
    Why does this compile for you and not for me ?

    There are references to functions / utilities which are used/needed to massage the string references - but I see no specific details...

    I also notice you specify:
    Make sure the lib SysProcessImplementation, SysTypes, and CmpErrors is on the project.

    I don't comprehend why all of the dependent libraries are not automatically referenced, added ?
    I don't recall seeing anywhere but here that SysProcessImplementation must be included...
    It just seems odd that the default is to exclude essential libraries, or require alchemical conjuring to assemble all the ingredients for gnat soup ;-)

    Thanks a lot... I'm still a codesys newby getting my wheels on - or sometimes just partially on

     

Log in to post a comment.