LinuxQuestions.org
Old 01-25-2002, 05:41 AM   #1
raven
Member
 
Registered: Dec 2001
Location: Basel, Switzerland
Distribution: ubuntu
Posts: 297

Rep: Reputation: 31
help with sudo


hello

does anybody know how i have to configure sudo so that an unprivileged user can execute one specified program that uses other programs which also need root permission to run?

an example is wvdial: it reads/writes from/to privileged files (/etc/ppp/stuff...) accesses a device owned by root (/dev/ttyS1) and then starts a program owned by root (pppd)...

how can i tell sudo, that anyone can access these few files/devices?

thank you
 
Old 01-25-2002, 06:54 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968
although not always suitable, I'd say that a program like wvdial would best be handled just by using the suid bit on the executable, as it's a generally safe program in terms of system security
 
Old 01-25-2002, 07:42 AM   #3
alfie
Debian Developer
 
Registered: Jan 2002
Location: Vienna / Austria / Europe / Earth / Milky Way
Distribution: Debian
Posts: 22

Rep: Reputation: 15
Re: help with sudo

Quote:
Originally posted by raven
does anybody know how i have to configure sudo so that an unprivileged user can execute one specified program that uses other programs which also need root permission to run?
The manual page for sudoers(5) is quite exhaustive on that topic, it should be able to answer all your questions. It would be something like the following line:

Code:
ALL ALL=(root) /usr/bin/wvdial
That would allow all users to run /usr/bin/wvdial as root.

Quote:
an example is wvdial: it reads/writes from/to privileged files (/etc/ppp/stuff...) accesses a device owned by root (/dev/ttyS1) and then starts a program owned by root (pppd)...
On the other hand - for wvdial it wouldn't be really needed to be run as root at all! wvdial only needs access to that device and the files. You can make those files (at least) readable to a special group, chmod g+rw /dev/ttyS1 and make wvdial sgid to that special group which you put all those files in and the user. That has quite some advantages: An exploit in wvdial wouldn't make the system a big security risk and you can
 
Old 01-25-2002, 11:11 AM   #4
raven
Member
 
Registered: Dec 2001
Location: Basel, Switzerland
Distribution: ubuntu
Posts: 297

Original Poster
Rep: Reputation: 31
well thank you, but if I set the mandatory files readable to my users, and i let them execute pppd, the connection always breaks after 1 second...

why is this?

besides: how do you set an executable suid root? that's a question I should have asked long before... :-)

thanks to everyone

cya
 
Old 01-25-2002, 04:57 PM   #5
DMR
Member
 
Registered: Jun 2001
Location: Fairfax, California
Distribution: RH 9.0, RH 7.3, Mandrake 8.0
Posts: 986

Rep: Reputation: 30
Quote:
Originally posted by raven
well thank you, but if I set the mandatory files readable to my users, and i let them execute pppd, the connection always breaks after 1 second...

why is this?

besides: how do you set an executable suid root? that's a question I should have asked long before... :-)

thanks to everyone

cya
Not sure about the connection break, but here's a snip from somewhere on the SUID/SGID usage (it's also discussed in the chmod man pages):
Quote:
To give a program SUID permissions, do a chmod 4755. The 4 gives the SUID permission. The remaining three numbers follow the normal user-group-world permissions.
After, as root, you set the SUID bit on a program, anyone will then effectively become root while they are executing that program.

Last edited by DMR; 01-25-2002 at 05:10 PM.
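
Added example, not part of any post in this thread: a small audit function that finds files carrying the setuid bit (the 4 in chmod 4755, quoted above) or the setgid bit (the group-based alternative from post #3) and labels which ones would run with root's identity. The function name, the labels and the sample file names are this example's own; the sample tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example, not from the thread. Lists every file under a directory
# that carries the setuid (4000) or setgid (2000) bit and labels it.
# The labels and the function name are this example's own.

audit_special_bits() {
    # -perm -4000 matches setuid, -perm -2000 matches setgid
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        ls -ld -- "$f" | {
            read -r mode _links owner group _rest
            label=
            case $mode in
                ???[sS]*)   # 4th character of the mode string: setuid
                    if [ "$owner" = root ]; then label=SUID-ROOT; else label=SUID; fi ;;
            esac
            case $mode in
                ??????[sS]*)   # 7th character of the mode string: setgid
                    label=${label:+$label+}SGID ;;
            esac
            printf '%s %s %s:%s %s\n' "$label" "$mode" "$owner" "$group" "$f"
        }
    done
}

# Constructed sample tree: empty files standing in for a dialer binary.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/dialer-suid" && chmod 4755 "$d/dialer-suid"   # mode from the quoted snippet
    : > "$d/dialer-sgid" && chmod 2755 "$d/dialer-sgid"   # group-only alternative
    : > "$d/plain"       && chmod 0755 "$d/plain"         # must not be reported
    audit_special_bits "$d"
    rm -rf "$d"
}

demo
```

Run against a real directory such as /usr/bin, the SUID-ROOT lines are the programs where a bug means full root, while SGID lines are limited to what that one group can reach.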
 
Old 01-26-2002, 06:25 AM   #6
raven
Member
 
Registered: Dec 2001
Location: Basel, Switzerland
Distribution: ubuntu
Posts: 297

Original Poster
Rep: Reputation: 31
thanks

setting suid works now, but if I dial with another user than root, the pppd dies with exit code 2. i looked at the man pages what this means, it tells me

"error processing options given... two mutually exclusive options given."

and what is that????

dialing as root always works.

thanks for the help

cya

raven
 
Old 01-26-2002, 11:17 PM   #7
DMR
Member
 
Registered: Jun 2001
Location: Fairfax, California
Distribution: RH 9.0, RH 7.3, Mandrake 8.0
Posts: 986

Rep: Reputation: 30
Hm,

I don't use pppd, but:

Does it die for everyone except root? Can each user have a custom config file in their home directory, or does pppd read from a central config file (in /etc maybe)? If the error is correct, pppd is receiving conflicting instructions from somewhere, and you might have to pick through the file(s) to find the conflict.
Not being familiar with it, that's about all I can offer.
 
Old 01-27-2002, 07:24 PM   #8
raven
Member
 
Registered: Dec 2001
Location: Basel, Switzerland
Distribution: ubuntu
Posts: 297

Original Poster
Rep: Reputation: 31
the users don't have own config files, they don't even have home directories...

any other suggestion?

thanks

raven
 
  

