LinuxQuestions.org

mickyg 10-13-2005 04:15 AM

Running super user commands as normal user
 
Hi all, I assume this is the right place for this:

I'm running SuSE 9.3 Pro and found that an application/command residing in an sbin (/sbin, /usr/sbin, etc) directory (which, as I understand it, holds the superuser's applications/commands and shouldn't be able to be run by a normal user without su-ing) can be run simply by typing the full path to the command.

Doing an "ls -l /sbin" gives me the "-rwxr-xr-x" for the application/commands.

My question is, should this be possible? Surely this impacts the security on the system if any user can simply do "whereis xxx" and then "/sbin/xxx", for example. If that makes sense.

I have also found this is possible on knoppix-std. I haven't tried it out on other distros but will when I get the chance.

mcosta 10-13-2005 04:33 AM

If you simply want the users to be able to exec xxx located in /sbin without typing the full path, what you want is in the PATH variable. Just type in a shell

$ echo $PATH

To see its value. To modify it:

$ export PATH=/sbin:/usr/sbin:$PATH

If you want people to be able to exec things as root without su'ing: sudo. Look at "man sudo" and "man sudoers".

mickyg 10-13-2005 06:33 AM

Thank you for your reply, but that's not my question. I'm aware of the sudoers file and I know about the PATH environment variable; my question is should a normal user be able to execute something in an sbin folder? And if so, what's the point of having the sbin folder??

Doesn't this pretty much make the need to su redundant? Allowing a normal user to do this seems to be a security issue to me.

dracolich 10-13-2005 07:05 AM

Whenever I have tried executing a command from /sbin as a normal user (e.g. ifconfig, mount, route) it prints a message "only root can do that." So even though the users can see the path to the files and permissions seem to allow users to access them, only root can execute them.

nx5000 10-13-2005 07:18 AM

Quote:

Originally posted by mickyg

My question is should a normal user be able to execute something in an sbin folder? And if so, what's the point of having the sbin folder??

Doesn't this pretty much make the need to su redundant? Allowing a normal user to do this seems to be a security issue to me.

If a user wants to run a file located in /sbin, he just has to get the source file and compile it in his directory. Or he can bring it from a USB stick or even download the binary directly to a directory he has access to, so locking the sbin doesn't change a lot.

There are different levels of security:

If he wants to run /sbin/ifconfig, it will be ok. There is no real sensitive info here and he can also get it from /proc (on some distros).

Some files in /sbin don't have the x bit, so he will not manage. He will if he downloads the binary.

Some files in /sbin check at the beginning if the user is root, so he won't manage; he can change the source and recompile.

For commands accessing a sensitive resource, the user needs access to this resource (/dev, /proc...).

When you su, you become superuser, then you have access to these resources...

/sbin has superuser utilities, vital for the boot process.
http://www.pathname.com/fhs/
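
An added example, not part of the original thread: the post above says a world-executable file in /sbin only runs with the caller's own rights, so what matters when auditing such a directory is which binaries carry the setuid bit. The function names `classify_mode` and `audit_dir` are hypothetical, the sample mode/UID pairs are constructed, and `audit_dir` assumes GNU `stat -c`.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies a file by what its mode
# bits actually grant to an ordinary user who executes it.

# classify_mode MODE OWNER_UID
#   MODE is the octal permission string as printed by `stat -c %a`.
classify_mode() {
    m=$((0$1))      # the leading 0 makes the shell read MODE as octal
    owner=$2
    if [ $((m & 04000)) -ne 0 ] && [ $((m & 0111)) -ne 0 ]; then
        # setuid + executable: the process gets the OWNER's effective UID
        if [ "$owner" -eq 0 ]; then
            echo "setuid-root"
        else
            echo "setuid-uid-$owner"
        fi
    elif [ $((m & 0001)) -ne 0 ]; then
        # "-rwxr-xr-x" case from the thread: anyone may start it, but it
        # runs with the caller's UID, so the kernel still refuses
        # privileged operations
        echo "runs-as-caller"
    else
        echo "no-exec-for-others"
    fi
}

# audit_dir DIR: print "classification<TAB>mode<TAB>path" per regular file.
audit_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -L -c '%a' "$f")   # -L: report the symlink target
        uid=$(stat -L -c '%u' "$f")
        printf '%s\t%s\t%s\n' "$(classify_mode "$mode" "$uid")" "$mode" "$f"
    done
}

if [ $# -gt 0 ]; then
    audit_dir "$1"             # e.g. sh audit.sh /sbin
else
    # Constructed samples (mode, owner UID)
    classify_mode 755 0        # runs-as-caller
    classify_mode 4755 0       # setuid-root
    classify_mode 750 0        # no-exec-for-others
fi
```

Lines reported as `setuid-root` are the ones that run with root's rights for any caller; `runs-as-caller` entries gain nothing from living in /sbin.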

mickyg 10-14-2005 07:25 PM

Quote:

Whenever I have tried executing a command from /sbin as a normal user (e.g. ifconfig, mount, route) it prints a message "only root can do that." So even though the users can see the path to the files and permissions seem to allow users to access them, only root can execute them.

Doesn't do that for me. mount is in /bin, route and ifconfig are in /sbin but typing the full path allows me to run them. I haven't tried to do anything fancy, just typing /sbin/ifconfig and /sbin/route.