I would like to use the lsof -i command without a privilege-elevated user; however, it doesn't work, the output is null. It only works when I sudo it. On another server, I've got it working perfectly, without the user being root or having to use sudo (web user). How would I be able to proceed?
Linux - Ubuntu 14.04.
It's related to how it was compiled. You can recompile your own to allow non-root users to use it but I prefer to use sudo to give access to the few folks that might need it.
From "man lsof":

Lsof has three features that may cause security concerns. First, its default compilation mode allows anyone to list all open files with it. Second, by default it creates a user-readable and user-writable device cache file in the home directory of the real user ID that executes lsof. (The list-all-open-files and device cache features may be disabled when lsof is compiled.) Third, its -k and -m options name alternate kernel name list or memory files.

Restricting the listing of all open files is controlled by the compile-time HASSECURITY and HASNOSOCKSECURITY options. When HASSECURITY is defined, lsof will allow only the root user to list all open files. The non-root user may list only open files of processes with the same user IDentification number as the real user ID number of the lsof process (the one that its user logged on with).

However, if HASSECURITY and HASNOSOCKSECURITY are both defined, anyone may list open socket files, provided they are selected with the -i

When HASSECURITY is not defined, anyone may list all open files.

Help output, presented in response to the -h or -? option, gives the status of the HASSECURITY and HASNOSOCKSECURITY definitions.

See the Security section of the 00README file of the lsof distribution for information on building lsof with the HASSECURITY and HASNOSOCKSECURITY options enabled.
P.S. lsof is one of the greatest tools for UNIX/Linux. It can do so many different things. I heartily recommend it to all who haven't learned of it yet. Its author, Vic Abell, was even kind enough to work with me and one of the big UNIX vendors a few years back when I discovered issues with it on their platform.
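The man page excerpt above says the -h help output reports the status of HASSECURITY and HASNOSOCKSECURITY. As an added example (not part of the original posts and not lsof's own code), this script classifies a build from that status line; the wording it matches is an assumption based on lsof 4.x help output, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an lsof build from the status line of its help text.
# ASSUMPTION: the status-line wording matched below is what lsof 4.x prints;
# compare it with the last lines of `lsof -h` on your own system.

# Reads help text on stdin and prints one of:
#   anyone             HASSECURITY not defined
#   root-only          HASSECURITY defined
#   root-only+sockets  HASSECURITY and HASNOSOCKSECURITY both defined
#   unknown            no recognisable status line
classify_lsof_security() {
    line=$(grep 'can list all files' || true)
    case "$line" in
        *"Only root can list all files"*"anyone can list socket files"*)
            echo "root-only+sockets" ;;
        *"Only root can list all files"*)
            echo "root-only" ;;
        *"Anyone can list all files"*)
            echo "anyone" ;;
        *)
            echo "unknown" ;;
    esac
}

# Constructed sample status lines (not captured from a real host).
SAMPLE_OPEN='Anyone can list all files; /dev warnings disabled; kernel ID check disabled.'
SAMPLE_SECURE='Only root can list all files; /dev warnings disabled; kernel ID check disabled.'
SAMPLE_SOCKS='Only root can list all files, but anyone can list socket files.'

# Classify the local binary, if one is installed. lsof writes its help
# text to stderr, hence the 2>&1.
check_local_lsof() {
    if command -v lsof >/dev/null 2>&1; then
        lsof -h 2>&1 | classify_lsof_security
    else
        echo "lsof-not-installed"
    fi
}

check_local_lsof
```

Running it on both servers and comparing the results shows whether the two lsof binaries were built with different security options.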
Not setuid root for the process and the lsof file (/usr/bin/lsof).
How would I be able to proceed?
Also, I've noticed something: the process created by the other server has 'dr-xr-xr-x 7 www-data www-data' while the other one has 'dr-x------ 7 www-data www-data'.
Not sure it'd be very important since owner in both cases have read access.
Two log files were added, both straces of the working and non-working lsof from the servers. 'lsof.log' is the non-working one and 'lsof-good.log' is the working one.
The file 'lsof-good.log' was cut since it was too big to be uploaded.