LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-19-2015, 09:11 AM   #1
Ra'Jiska
Member
 
Registered: Apr 2013
Posts: 47

Rep: Reputation: Disabled
lsof -i Issue


Hello,

I would like to use the lsof -i command without a privilege elevated user, however it doesn't work, the output is null. It does only work when I sudo it. On another server, I've got it working perfectly, without the user being root or having to use sudo (web user). How would I be able to proceed ?
Linux - Ubuntu 14.04.

Thanks.
 
Old 05-19-2015, 11:32 AM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: CentOS 6 (pre-systemd)
Posts: 2,609

Rep: Reputation: 702Reputation: 702Reputation: 702Reputation: 702Reputation: 702Reputation: 702Reputation: 702
On the other server is it setuid root?
 
Old 05-19-2015, 11:34 AM   #3
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,577
Blog Entries: 14

Rep: Reputation: 969Reputation: 969Reputation: 969Reputation: 969Reputation: 969Reputation: 969Reputation: 969Reputation: 969
It's related to how it was compiled. You can recompile your own to allow non-root users to use it but I prefer to use sudo to give access to the few folks that might need it.

From "man lsof"

Quote:
SECURITY
Lsof has three features that may cause security concerns. First, its
default compilation mode allows anyone to list all open files with it.
Second, by default it creates a user-readable and user-writable device
cache file in the home directory of the real user ID that executes
lsof. (The list-all-open-files and device cache features may be dis-
abled when lsof is compiled.) Third, its -k and -m options name alter-
nate kernel name list or memory files.

Restricting the listing of all open files is controlled by the com-
pile-time HASSECURITY and HASNOSOCKSECURITY options. When HASSECURITY
is defined, lsof will allow only the root user to list all open files.
The non-root user may list only open files of processes with the same
user IDentification number as the real user ID number of the lsof pro-
cess (the one that its user logged on with).

However, if HASSECURITY and HASNOSOCKSECURITY are both defined, anyone
may list open socket files, provided they are selected with the -i
option.

When HASSECURITY is not defined, anyone may list all open files.

Help output, presented in response to the -h or -? option, gives the
status of the HASSECURITY and HASNOSOCKSECURITY definitions.

See the Security section of the 00README file of the lsof distribution
for information on building lsof with the HASSECURITY and HASNOSOCKSE-
CURITY options enabled.
P.S. lsof is one of the greatest tools for UNIX/Linux. It can do so many different things. I heartily recommend it to all who haven't learned of it yet. It's author, Vic Abel, was even kind enough to work with me and one of the big UNIX vendors a few years back when I discovered issues with it on their platform.
 
Old 05-19-2015, 12:08 PM   #4
Ra'Jiska
Member
 
Registered: Apr 2013
Posts: 47

Original Poster
Rep: Reputation: Disabled
@smallpod
Not setuid root for the process and the lsof file (/usr/bin/lsof).

@MensaWater
How would I be able to proceed ?


Also, I've noticed something, the process created by the other server have 'dr-xr-xr-x 7 www-data www-data' while the other one have 'dr-x------ 7 www-data www-data'.
Not sure it'd be very important since owner in both cases have read access.
Two log files were added, both strace of the working and non working lsof from servers. 'lsof.log' is the non working and 'lsof-good.log' is the one working.
The file 'lsof-good.log' was cutted since it was too big to be uploaded.

Thanks for your help.
Attached Files
File Type: log lsof.log (99.0 KB, 7 views)
File Type: log lsof-good.log (248.7 KB, 6 views)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] lsof not found geekslinux AIX 4 12-18-2014 11:15 PM
Get PID from lsof -i Ra'Jiska Linux - Server 6 07-29-2013 11:49 PM
Why cannot run lsof? thomas2004ch Linux - Newbie 4 03-05-2010 09:15 AM
using lsof command rheosiva Linux - Newbie 2 04-02-2009 02:36 AM
lsof redirect WRXSTi Programming 8 10-02-2006 04:45 PM


All times are GMT -5. The time now is 04:35 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration