Running an application using an ordinary user
Kudos everyone
I work in a firm working on specialized software. I work in the security department and my first task is to work on an in-house application. My main job to make the application run under a certain user with the least possible privileges, instead of 'root' which is being used right now.
So far I've managed to make a list of the files the application is trying to access using AppArmor, as well as a list of the things it does using strace. Now I got to a part where I know, for instance, the application is trying to use a setrlimit call to restrict the resources the application uses but since the user is not 'root', it can't.
I wanted to know if there's some way I can give a grant for such an action to the user or if I should instruct the coders to implement this in some other way?
I'm not a coder at all, so I'm really out of ideas. I'd be grateful if anyone can shed some light on my understanding. Thank you all in advance.
Navid
|