LinuxQuestions.org


kox444 03-02-2013 12:19 PM

linux user levels?
 
Hi. I want to make a sandbox-user for network apps just for some more security. However I have 2 issues. Just like root is above all other normal users, I want to have my user above sandbox user, so I don't have to type password when I su as him. Are there user levels or something like that in linux?
Second minor problem is when I run iceweasel as sandbox user I get warning:
"owner of /tmp/orbit-user is not the current user"
The browser runs however, I don't know if this warning is important.
I'm running Debian Squeeze.

lykwydchykyn 03-02-2013 04:43 PM

Quote:

Originally Posted by kox444 (Post 4903228)
Hi. I want to make a sandbox-user for network apps just for some more security. However I have 2 issues. Just like root is above all other normal users, I want to have my user above sandbox user, so I don't have to type password when I su as him. Are there user levels or something like that in linux?

No, it's not really a hierarchy like that. There's root, and there's everyone else.
What you probably can do instead is install sudo and set it up so that your user can run commands as the sandbox user without entering a password. Not sure of the exact syntax, you'll want to read up on sudo.

Quote:

Second minor problem is when I run iceweasel as sandbox user I get warning:
"owner of /tmp/orbit-user is not the current user"
The browser runs however, I don't know if this warning is important.
I'm running Debian Squeeze.

Not entirely sure what /tmp/orbit-user is, but I think it has to do with interprocess communication. Probably firefox uses it to communicate back to your desktop environment. As long as it works, I wouldn't worry much about it.

kox444 03-03-2013 01:40 AM

But how can I do this? I mean sudo as sandbox user w/o password and not sudo as root w/o password.
Btw Is there a way to pass password automatically in a bash script to su?
Edit: I can't use sudo as X doesn't work properly even in gksudo it throws me an error. I have to do it with su (or rather sux). It works perfectly with sux but how do I pass password automatically?

lykwydchykyn 03-03-2013 04:40 PM

Quote:

Originally Posted by kox444 (Post 4903527)
But how can I do this? I mean sudo as sandbox user w/o password and not sudo as root w/o password.

I don't know the exact syntax you'll need, just that sudo can do this. Start reading the sudoers man page. You'll want the NOPASSWD flag, and you'll probably ONLY want to enable iceweasel. Sudo can do things as users other than root, you just have to pass it a flag (I think it's -u) to tell it what user you want to operate as.

Quote:

Btw Is there a way to pass password automatically in a bash script to su?

Not securely. You can use expect, but then your password is in the script.

Quote:

Edit: I can't use sudo as X doesn't work properly even in gksudo it throws me an error. I have to do it with su (or rather sux). It works perfectly with sux but how do I pass password automatically?

If you're ok with putting a password in the file, use expect.
If you want it to be reasonably secure, let's fix the problem with X and sudo. Probably running "xhost +local:''" before the sudo command is all you need to do.

war49 03-03-2013 07:46 PM

Quote:

I can't use sudo as X doesn't work properly even in gksudo it throws me an error. I have to do it with su (or rather sux). It works perfectly with sux but how do I pass password automatically?

Did you already edit the sudoers config file, and activate your user to su without a password prompt?

Example: allow all su commands for the user:
your_user ALL=(ALL) NOPASSWD:ALL

In your shell script :
su <your_user> -c "your shell command"
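
Added example, not part of any post in this thread: the rule lykwydchykyn describes (NOPASSWD, iceweasel only, run as the sandbox user) next to the ALL=(ALL) NOPASSWD:ALL form quoted above, with a small classifier that reports what each rule grants. The names alice and sandbox, the path /usr/bin/iceweasel and the helper classify_rule are assumptions for illustration.

```sh
#!/bin/sh
# Added example: classify a one-line sudoers rule by what it grants.
# Handles only "user host=(runas) [NOPASSWD:] command"; aliases, Defaults
# and multi-spec lines are out of scope.

# Constructed rules: "alice", "sandbox" and the iceweasel path are assumed.
NARROW='alice ALL=(sandbox) NOPASSWD: /usr/bin/iceweasel'
BROAD='alice ALL=(ALL) NOPASSWD:ALL'   # same shape as the rule quoted above

trim() { printf '%s' "$1" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'; }

classify_rule() {
    spec=$(trim "${1#*=}")                 # drop "user host="
    case $spec in
        \(*\)*) runas=${spec#\(}; runas=${runas%%\)*}; rest=${spec#*\)} ;;
        *)      runas=root; rest=$spec ;;  # no Runas_Spec means root
    esac
    runas=$(printf '%s' "${runas%%:*}" | tr -d ' \t')   # user list, no group
    cmd=$(trim "${rest##*:}")              # text after the last tag
    case $rest in
        *NOPASSWD:*) ;;
        *) echo "password-required"; return 0 ;;
    esac
    case ",$runas," in
        *,ALL,*|*,root,*) echo "passwordless-root"; return 0 ;;
    esac
    if [ "$cmd" = ALL ]; then
        echo "passwordless-any-command:$runas"
    else
        echo "scoped:$runas:$cmd"
    fi
}

for r in "$NARROW" "$BROAD"; do
    printf '%-55s -> %s\n' "$r" "$(classify_rule "$r")"
done
# With the narrow rule in place (check the file with: visudo -c -f FILE),
# the browser is started with: sudo -u sandbox /usr/bin/iceweasel
```

Only the "scoped" result keeps the desktop user's passwordless access limited to one command under the sandbox account.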

jpollard 03-03-2013 08:15 PM

Quote:

Originally Posted by kox444 (Post 4903228)
Hi. I want to make a sandbox-user for network apps just for some more security. However I have 2 issues. Just like root is above all other normal users, I want to have my user above sandbox user, so I don't have to type password when I su as him. Are there user levels or something like that in linux?
Second minor problem is when I run iceweasel as sandbox user I get warning:
"owner of /tmp/orbit-user is not the current user"
The browser runs however, I don't know if this warning is important.
I'm running Debian Squeeze.

It isn't done yet. What you are thinking of sounds like what is called "name spaces". It is possible to do, but still being developed. The kernel patches are still developing - but it is close (I suspect sometime this year).

