LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software > Linux - Kernel
User Name
Password
Linux - Kernel This forum is for all discussion relating to the Linux kernel.

Notices

Reply
 
Search this Thread
Old 02-21-2013, 09:25 AM   #16
mina86
Member
 
Registered: Aug 2008
Distribution: Slackware
Posts: 393

Rep: Reputation: 157Reputation: 157

Quote:
Originally Posted by syscreat View Post
Sure, but am I looking for how to do this by system calls. And from your suggestion, PAM is available since RHEL 5, for me RHEL 4 support is also required.
There's no system call which changes UID and EUID from non-root to root. The way all the tools that do that do it is by having a setuid bit set which causes EUID to change when they are executed. If possible, however, you want to avoid having your application setuided since it is a security risk and it's much better to relay on existing commands such as the ones already listed in this thread (you might want to use witch to see which is available and then use that one).
 
Old 02-21-2013, 09:48 AM   #17
syscreat
LQ Newbie
 
Registered: Dec 2009
Posts: 12

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by mina86 View Post
There's no system call which changes UID and EUID from non-root to root. The way all the tools that do that do it is by having a setuid bit set which causes EUID to change when they are executed. If possible, however, you want to avoid having your application setuided since it is a security risk and it's much better to relay on existing commands such as the ones already listed in this thread (you might want to use witch to see which is available and then use that one).
Unfortunately, I can ask user about changing file system permissions. How you can imagine an installer, that ask you to change your system before it can start?
 
Old 02-21-2013, 11:45 AM   #18
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,401

Rep: Reputation: 1119Reputation: 1119Reputation: 1119Reputation: 1119Reputation: 1119Reputation: 1119Reputation: 1119Reputation: 1119Reputation: 1119
As a matter of fact, installers should require that you be an administrator, or that you "run-as" the installer under an administrator ID.

If you are a non-privileged user, the installer should either offer to do an install ("for you alone") that you can carry out, or it should politely inform you that you can't do it.
 
Old 02-21-2013, 12:11 PM   #19
syscreat
LQ Newbie
 
Registered: Dec 2009
Posts: 12

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by sundialsvcs View Post
As a matter of fact, installers should require that you be an administrator, or that you "run-as" the installer under an administrator ID.

If you are a non-privileged user, the installer should either offer to do an install ("for you alone") that you can carry out, or it should politely inform you that you can't do it.
Totally agree your point of view, I also think this solution will be greate, but our marketing came from other galaxy and they require install to ask user about this.
 
Old 02-21-2013, 06:37 PM   #20
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,462
Blog Entries: 54

Rep: Reputation: 2899Reputation: 2899Reputation: 2899Reputation: 2899Reputation: 2899Reputation: 2899Reputation: 2899Reputation: 2899Reputation: 2899Reputation: 2899Reputation: 2899
Quote:
Originally Posted by syscreat View Post
Ok, only one way to use PAM what I found is to change group permissions.
Then you ignored the clue I left for you:
Code:
 ~]$ readlink -f /usr/bin/wireshark 
/usr/bin/consolehelper
 ~]$ rpm -qf /usr/bin/consolehelper --qf="%{name}\n"
usermode
 ~]$ rpm -q usermode --qf="%{description}\n"
The usermode package contains the userhelper program, which can be
used to allow configured programs to be run with superuser privileges
by ordinary users.
but then again that's understandable as the problems you face are not caused by technology (alone):
Quote:
Originally Posted by syscreat View Post
our marketing came from other galaxy and they require
 
Old 02-21-2013, 07:49 PM   #21
mina86
Member
 
Registered: Aug 2008
Distribution: Slackware
Posts: 393

Rep: Reputation: 157Reputation: 157
Quote:
Originally Posted by sundialsvcs View Post
As a matter of fact, installers should require that you be an administrator, or that you "run-as" the installer under an administrator ID.
Not at all, and even the exact opposite. Installer should allow installation without root privileges to user's home directory.
 
Old 02-21-2013, 09:01 PM   #22
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,104

Rep: Reputation: 369Reputation: 369Reputation: 369Reputation: 369
Quote:
Originally Posted by mina86 View Post

Quote:
Originally Posted by sundialsvcs View Post
As a matter of fact, installers should require that you be an administrator, or that you "run-as" the installer under an administrator ID.
Not at all, and even the exact opposite. Installer should allow installation without root privileges to user's home directory.
Quote:
Originally Posted by sundialsvcs View Post
As a matter of fact, installers should require that you be an administrator, or that you "run-as" the installer under an administrator ID.

If you are a non-privileged user, the installer should either offer to do an install ("for you alone") that you can carry out, or it should politely inform you that you can't do it.
that's what sundialsvcs actually said
 
Old 02-22-2013, 12:28 AM   #23
bsat
Member
 
Registered: Feb 2009
Posts: 347

Rep: Reputation: 72
Have you tried using the system call "setuid" ? (it might not allow you to become root, but see if it helps you in any way )

Last edited by bsat; 02-22-2013 at 12:29 AM.
 
Old 02-22-2013, 01:48 AM   #24
syscreat
LQ Newbie
 
Registered: Dec 2009
Posts: 12

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by bsat View Post
Have you tried using the system call "setuid" ? (it might not allow you to become root, but see if it helps you in any way )
Sure, but as you wrote, this system call do not allow to get root permissions.
 
Old 02-22-2013, 06:51 AM   #25
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,401

Rep: Reputation: 1119Reputation: 1119Reputation: 1119Reputation: 1119Reputation: 1119Reputation: 1119Reputation: 1119Reputation: 1119Reputation: 1119
Yes, it really does come down to one of three things:
  1. Install the application local to yourself.
  2. Install the application globally, but only if you have root privileges.
  3. Run the installer as root.

"The marketing department" should not be the one to set technical strictures. If there is not an easy, universal way to meet that request, then the bottom line is simply that the request cannot be met. There are plenty of systems out there which require that you be logged-in as certain users to do certain things. Precedents abound.

I've defeated this argument simply by pointing out that the developer-cost for the project is running about $14,000 (USD) per day, and that the time-equals-money is better spent making the product as easy to use "in the technically right way" than to continue to entertain the preferences of someone who really doesn't know the foot on which he stands.

Last edited by sundialsvcs; 02-22-2013 at 06:53 AM.
 
Old 02-22-2013, 10:43 AM   #26
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,104

Rep: Reputation: 369Reputation: 369Reputation: 369Reputation: 369
Quote:
Originally Posted by syscreat View Post
Totally agree your point of view, I also think this solution will be greate, but our marketing came from other galaxy and they require install to ask user about this.
this is definately the M$ windoze way of thinking of things, as up until vi$ta, most people were running by default as administrator, so things would just install (at least on home units), even on WINDOWS networks within corporations, an administrator was necessary to install stuff (for the most part), so this is a ridiculous requirement whether you are talking windows OR Linux.

think of it from another standpoint
if this were possible, how many Linux boxes would be owned by hackers/botnets?
 
Old 02-26-2013, 09:40 AM   #27
mina86
Member
 
Registered: Aug 2008
Distribution: Slackware
Posts: 393

Rep: Reputation: 157Reputation: 157
Quote:
Originally Posted by frieza View Post
that's what sundialsvcs actually said
Right, but regardless I don't consider politely informing you that you can't do it as a valid option.

Last edited by mina86; 02-26-2013 at 09:45 AM.
 
Old 02-28-2013, 04:31 AM   #28
syscreat
LQ Newbie
 
Registered: Dec 2009
Posts: 12

Original Poster
Rep: Reputation: 0
ssue is solved by providing a root passphrase directly to su utility. It can be easily reached by using fd_set or pipes and system call forkpty that returns a ready to login shell.

Please check my post that describe this question and shows a solution: http://www.andreypudov.com/2013/02/u...-in-linux.html
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
different root privileges? yaximik Linux - Newbie 1 11-02-2012 08:52 PM
trimmed root privileges camielcastillo Linux - Security 5 11-16-2010 07:47 AM
Running a process with limited root privileges geek.ksa Linux - Security 6 02-19-2009 04:35 PM
Ssh root privileges gabsik Linux - Security 1 05-28-2008 10:19 PM
How to mount without root privileges? ni0wn Slackware 3 09-15-2004 05:03 PM


All times are GMT -5. The time now is 06:44 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration