Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi. I want to make a sandbox-user for network apps just for some more security. However I have 2 issues. Just like root is above all other normal users, I want to have my user above sandbox user, so I don't have to type password when I su as him. Are there user levels or something like that in linux?
Second minor problem is when I run iceweasel as sandbox user I get warning:
"owner of /tmp/orbit-user is not the current user"
The browser runs however, I don't know if this warn is important.
I'm running Debian Squeeze.
Hi. I want to make a sandbox-user for network apps just for some more security. However I have 2 issues. Just like root is above all other normal users, I want to have my user above sandbox user, so I don't have to type password when I su as him. Are there user levels or something like that in linux?
No, it's not really a heirarchy like that. There's root, and there's everyone else.
What you probably can do instead is install sudo and set it up so that your user can run commands as the sandbox user without entering a password. Not sure of the exact syntax, you'll want to read up on sudo.
Quote:
Second minor problem is when I run iceweasel as sandbox user I get warning:
"owner of /tmp/orbit-user is not the current user"
The browser runs however, I don't know if this warn is important.
I'm running Debian Squeeze.
Not entirely sure what /tmp/orbit-user is, but I think it has to do with interprocess communication. Probably firefox uses it to communicate back to your desktop environment. As long as it works, I wouldn't worry much about it.
But how can I do this? I mean sudo as sandbox user w/o password and not sudo as root w/o password.
Btw Is there a way to pass password automatically in a bash script to su?
Edit: I can't use sudo as X doesn't work properly even in gksudo it throws me an error. I have to do it with su (or rather sux). It works perfectly with sux but how do I pass password automatically?
But how can I do this? I mean sudo as sandbox user w/o password and not sudo as root w/o password.
I don't know the exact syntax you'll need, just that sudo can do this. Start reading the sudoers man page. You'll want the NOPASSWD flag, and you'll probably ONLY want to enable iceweasel. Sudo can do things as users other than root, you just have to pass it a flag (I think it's -u ) to tell it what user you want to operate as.
Quote:
Btw Is there a way to pass password automatically in a bash script to su?
Not securely. You can use expect, but then your password is in the script.
Quote:
Edit: I can't use sudo as X doesn't work properly even in gksudo it throws me an error. I have to do it with su (or rather sux). It works perfectly with sux but how do I pass password automatically?
If you're ok with putting a password in the file, use expect.
If you want it to be reasonably secure, let's fix the problem with X and sudo. Probably running "xhost +local:''" before the sudo command is all you need to do.
I can't use sudo as X doesn't work properly even in gksudo it throws me an error. I have to do it with su (or rather sux). It works perfectly with sux but how do I pass password automatically?
Did you already edit the sudoer config file ? and activated your user to su without password prompt ?
Exp: allow all su command for user:
your_user ALL=(ALL) NOPASSWD:ALL
In your shell script :
su <your_user> -c "your shell command"
Hi. I want to make a sandbox-user for network apps just for some more security. However I have 2 issues. Just like root is above all other normal users, I want to have my user above sandbox user, so I don't have to type password when I su as him. Are there user levels or something like that in linux?
Second minor problem is when I run iceweasel as sandbox user I get warning:
"owner of /tmp/orbit-user is not the current user"
The browser runs however, I don't know if this warn is important.
I'm running Debian Squeeze.
It isn't done yet. What you are thinking of sounds like what is called "name spaces". It is possible to do, but still being developed. The kernel patches are still developing - but it is close (I suspect sometime this year).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.