LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-12-2007, 06:37 AM   #1
szp
LQ Newbie
 
Registered: Aug 2006
Distribution: Slackware 11
Posts: 6

Rep: Reputation: 0
A few newbie questions - location of scripts, sources etc.


Hey,

i have made a script (shell) to connect to my home WLAN - it loads the correct modules, does DHCP, etc.. the problem i ran into is.. where should i place it? /etc/? should I make a directory dedicated to my own scripts? also, that script can only be ran as root (modules etc seem to require root privs). for now im good with 'su -c /scriptlocation' but i'm pretty sure theres a way for a normal user to run it with root privs without giving the password everytime..

also, when downloading apps etc i do that as normal user, not root (since everyones shouting DO NOT USE ROOT AS YOUR PRIMARY OR DIE, ..well ok) i've no idea where to put the sources after im done installing it (i always install from source). is there a special directory for that? or should i just delete them? since i dont have to be too concerned about diskspace i feel comfortable having theme *somewhere* i was thinking of using the premade *src directories but there's two of them.. got me lost (/usr/src and /usr/local/src)

anyway, what's up with that 'local' directory anyway, since it's like a copy of /usr?

i know linux is all about 'freedom', but as im new to this, the excessive 'freedom' im facing here just gets me lost..

thanks in advance,
szp
 
Old 05-12-2007, 07:27 AM   #2
fukawi2
Member
 
Registered: Oct 2006
Location: Melbourne, Australia
Distribution: ArchLinux, ArchServer, Fedora, CentOS
Posts: 448

Rep: Reputation: 34
Question 1
On Slackware, put the script in /etc/rc.d

Have a look here too:
http://wiki.linuxquestions.org/wiki/...tartup_scripts
Since I wrote most of that I don't want to copy & paste it here, I'll just link you to it
Startup scripts run as root, so there's no problem there. If you want users to be able to run it, you'll need to look in to sudo. You should create an entry in the sudoers file along the lines of:
Code:
# %user_group        ALL=/etc/rc.d/script       NOPASSWD: ALL
Question 2
It doesn't really matter, as long as you're happy. Historically /usr/src is what the Distribution has done, and /usr/local/ is for what you've done yourself, so if I was keeping source, I'd put it in there. But that's just me, I don't actually keep sources after I've compiled

EDIT: Spelling, whoops
 
Old 05-12-2007, 07:51 AM   #3
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 332Reputation: 332Reputation: 332Reputation: 332
Quote:
Originally Posted by szp
i have made a script (shell) to connect to my home WLAN - it loads the correct modules, does DHCP, etc.. the problem i ran into is.. where should i place it? /etc/? should I make a directory dedicated to my own scripts?
I created a script to do backups. I keep it in /root/bin. That seems like a good choice for your script.

Quote:
Originally Posted by szp
also, that script can only be ran as root (modules etc seem to require root privs). for now im good with 'su -c /scriptlocation' but i'm pretty sure theres a way for a normal user to run it with root privs without giving the password everytime..
Yes there is a way to run a script that requires privileges from a normal user account. This method is widely regarded as a security risk. The method is called "set uid" or just suid. What happens is that you create a script that is owned by the root account, then you set the file permissions to enable the suid bit. When a normal user account runs the script the user account temporarily takes on the identity of the owner of the file.

Setting a script to take on the identity of the script's owner is a bad idea when it is used to escalate privileges. I have only used suid to lower privileges such as setting a startup script to take on the identity of a normal user when root runs the script.

If you disable the need to give a password then you have disabled an important security feature. Security features always create some work for the user accounts affected by the security feature. That does not mean that you should disable the security feature. Passwords may be a nuisance but they are a part of security. Don't try to implement ways to avoid entering passwords. You would just be enabling the kinds of security weaknesses that are found in Windows.

The preferred way to give a normal user account the ability to run a script that requires privileges is to use the sudo utility. The sudo utility allows a normal user account to run a script or binary with root privileges. The difference between using sudo and su is that the password that is required is not the root password. Instead, the sudo utility requires the password of the user account that is running the script. The sudo utility won't allow just any user account to run scripts that require privileges. The root account must put the name of the user account that is allowed to run the script with privileges into a file called /etc/sudoers. The root account can also specify exactly which scripts and binaries the normal user account can run. This prevents the normal user account from running any script or binary that it chooses once it is in the /etc/sudoers file.

Quote:
Originally Posted by szp
also, when downloading apps etc i do that as normal user, not root (since everyones shouting DO NOT USE ROOT AS YOUR PRIMARY OR DIE, ..well ok) i've no idea where to put the sources after im done installing it (i always install from source). is there a special directory for that? or should i just delete them? since i dont have to be too concerned about diskspace i feel comfortable having theme *somewhere* i was thinking of using the premade *src directories but there's two of them.. got me lost (/usr/src and /usr/local/src)
The /usr/local/src directory would be a good choice. I have a directory /home/download where I put software kits. I have directories such as /home/download/firefox and /home/download/Linux.Slackware for holding individual software kits.

Quote:
Originally Posted by szp
anyway, what's up with that 'local' directory anyway, since it's like a copy of /usr?
The /usr/local directory came from Unix. It traditionally held software that did not come with the system. Some software developers still use that as the default directory to install their own software. These days you are more likely to see software install itself into either /bin or /usr/bin or /opt. So /usr/local is an old fashioned way of doing things but it is still used by some people.

Quote:
Originally Posted by szp
i know linux is all about 'freedom', but as im new to this, the excessive 'freedom' im facing here just gets me lost..
The freedom of GPL and open source is about freedom of choice and freedom to modify someone else's work. Linux is based on Unix and Unix has traditional ways of doing things. You can follow them or not but there are traditional de facto standards. One of those standards is the /usr/local directory and the /opt directory for installing software that did not come with the original system. Linux has had the $HOME/bin directory for storing software that each individual user can have to themselves. I only use $HOME/bin with the root account. I mount the /home partition with the "noexec" parameter to prevent most software that is stored on that partition from executing.

Last edited by stress_junkie; 05-12-2007 at 08:00 AM.
 
Old 05-12-2007, 11:07 AM   #4
szp
LQ Newbie
 
Registered: Aug 2006
Distribution: Slackware 11
Posts: 6

Original Poster
Rep: Reputation: 0
Thank you both for your input, especially you, stress_junkie - very insightful, i liked that.

i got one more question..

i do like to pay attention to security, but im using a laptop - and im the _only_ user of it. need i really pay such attention to restricting users' privs? this laptop hardly ever serves as a server, and all it's used for is programming (well, mainly - apart from normal everyday web/mail use)

if it were a server, i'd probably be paying VERY close attention to security..

or is this just about developing proper habits?

again, thanks for your input
 
Old 05-12-2007, 03:04 PM   #5
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 332Reputation: 332Reputation: 332Reputation: 332
One of our biggest modern problems is workstation computers that have been hijacked to run spam email or denial of service software. You don't want your computer to be sending spam or to be part of a denial of service attack on someone else's computer. These trojans are mostly written for Windows machines. Relatively few trojans and viruses are written for Unix or Linux or the *BSDs. Keep in mind, though, that the term "rootkit" originated on Unix. If you are running a well configured firewall then you are pretty well off regarding trojans. Even Linux is subject to malware written in Java or Java Script through the web browsers.

I would say that it is good to learn how to work in a secure environment so I would use the built in separation of privileges even on a computer that does not connect to any network ever. It helps to train the way that you think about doing things on the computer.


Last edited by stress_junkie; 05-12-2007 at 03:33 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Perl scripts in different location Suinatsa Programming 9 05-03-2006 01:06 PM
HowTo add specific location into sources.list? Mathsniper Debian 1 08-28-2005 05:21 AM
SUSE 9.3 YAST Installation Sources Location? Endorean SUSE / openSUSE 2 07-18-2005 07:55 PM
location startup scripts megadeth Linux - Software 2 05-22-2005 08:31 AM
reading cd's and location of init scripts TheOneAndOnlySM Slackware 1 10-13-2003 08:18 AM


All times are GMT -5. The time now is 03:55 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration