LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 04-19-2013, 10:36 AM   #1
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE 13.1 / 12.3_64-KDE, Ubuntu 14.04, Fedora 20, Mint 17, Chakra
Posts: 3,675

Rep: Reputation: Disabled
(automatic) excution of a program in /usr/sbin as normal user


I have /usr/sbin/powertop (to minimize power consumption on my netbook) which I want to run automatically late during boot. It has set "-rwxr-xr-x". So I assumed "others" having set their "r-x" (e.g. users like me) can execute it. But I get the message:
Quote:
"Absolute path to 'powertop' is '/usr/sbin/powertop', so running it may require superuser privileges (e.g. root)."
I know that I could add /usr/sbin to my $PATH to get rid of that but I don't want to open that much access to normal users.

Any ideas what is causing this and how to change it without creating security holes? TIA.

Last edited by JZL240I-U; 04-19-2013 at 10:37 AM.
 
Old 04-19-2013, 10:52 AM   #2
linosaurusroot
Member
 
Registered: Oct 2012
Distribution: OpenSuSE,RHEL,Fedora,OpenBSD
Posts: 808
Blog Entries: 2

Rep: Reputation: 203Reputation: 203Reputation: 203
Quote:
Originally Posted by JZL240I-U View Post
I know that I could add /usr/sbin to my $PATH to get rid of that but I don't want to open that much access to normal users.
That's safe to do and doesn't increase access.
 
Old 04-22-2013, 01:06 AM   #3
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE 13.1 / 12.3_64-KDE, Ubuntu 14.04, Fedora 20, Mint 17, Chakra
Posts: 3,675

Original Poster
Rep: Reputation: Disabled
Probably a stupid question but anyhow, why is it
Quote:
Originally Posted by linosaurusroot View Post
... safe to do and doesn't increase access.
After all, it puts all executables in /usr/sbin in my reach, doesnt't it? Can't this be done selectively just for one program?
 
Old 04-22-2013, 01:43 AM   #4
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,289

Rep: Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034
Notice the word 'may' in the msg; its just a warning.
Depending on how you call it, you may be able to suppress it.
If you add it to the startup routines, worst case its just one extra msg amongst many, unless you reboot a lot(!)
 
Old 04-22-2013, 01:56 AM   #5
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE 13.1 / 12.3_64-KDE, Ubuntu 14.04, Fedora 20, Mint 17, Chakra
Posts: 3,675

Original Poster
Rep: Reputation: Disabled
Well, no, it is not only a warning, since I'm thrown back to the prompt. "powertop" has a user interface which should otherwise be shown on the screen (sorry, I mixed two scenarios so as not to flood the forum with stupid questions).
 
Old 04-22-2013, 08:24 AM   #6
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,289

Rep: Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034
In that case, its a badly written msg.

The boot process is run by root, so if its in there, you shouldn't get a problem unless you're trying to run it as someone else.
If you want to run it as someone who is not root, try setting suid (as root) on the file.
Code:
chmod u+s /usr/sbin/powertop
This causes it to run as root, regardless of who calls it, eg see /usr/bin/passwd.
 
Old 04-22-2013, 08:39 AM   #7
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE 13.1 / 12.3_64-KDE, Ubuntu 14.04, Fedora 20, Mint 17, Chakra
Posts: 3,675

Original Poster
Rep: Reputation: Disabled
Quote:
chmod u+s /usr/sbin/powertop
Tried it, but no change. When I try it now, I still get

Quote:
"Absolute path to 'powertop' is '/usr/sbin/powertop', so running it may require superuser privileges (e.g. root)."
@ linosaurusroot: Your suggestion doesn't work either. I get
Quote:
Powertop v2.2 must be run with root privileges.
Leaving...
So what now? PAM??

Last edited by JZL240I-U; 04-22-2013 at 08:41 AM.
 
Old 04-22-2013, 08:46 AM   #8
david1941
Member
 
Registered: May 2005
Location: St. Louis, MO
Distribution: CentOS6
Posts: 267

Rep: Reputation: 57
you could try a sym link to the executable in /usr/bin
 
Old 04-22-2013, 08:58 AM   #9
273
Senior Member
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 3,418

Rep: Reputation: 794Reputation: 794Reputation: 794Reputation: 794Reputation: 794Reputation: 794Reputation: 794
I think it's hard coded into powertop to check that the user running it is root, at least that's what I get from the code here:
https://github.com/fenrus75/powertop...r/src/main.cpp
Code:
static void checkroot() {
        int uid;
        uid = getuid();

        if (uid != 0) {
                printf(_("PowerTOP " POWERTOP_VERSION " must be run with root privileges.\n"));
                printf(_("exiting...\n"));
                exit(EXIT_FAILURE);
        }
}

Last edited by 273; 04-22-2013 at 09:00 AM.
 
Old 04-22-2013, 12:27 PM   #10
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE 13.1 / 12.3_64-KDE, Ubuntu 14.04, Fedora 20, Mint 17, Chakra
Posts: 3,675

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by 273 View Post
...it's hard coded into powertop to check that the user running it is root...
Darn. That means when I use my netbook as normal user I have to "su" to root to set the proper power settings. That's bloody inconvenient . Or do any of you have a different solution?
 
Old 04-22-2013, 12:43 PM   #11
273
Senior Member
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 3,418

Rep: Reputation: 794Reputation: 794Reputation: 794Reputation: 794Reputation: 794Reputation: 794Reputation: 794
I'm afraid I don't, but would something like this help?
http://askubuntu.com/questions/11270...nges-permanent
Not used it myself so can't vouch for it working.
 
Old 04-22-2013, 08:50 PM   #12
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,289

Rep: Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034
At least in post #9 the msg says 'must' be run as root; that's much clearer.
Wonder why OP gets a different msg; different version perhaps?
Maybe you should contact the author.
 
Old 04-23-2013, 12:57 AM   #13
273
Senior Member
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 3,418

Rep: Reputation: 794Reputation: 794Reputation: 794Reputation: 794Reputation: 794Reputation: 794Reputation: 794
Quote:
Originally Posted by chrism01 View Post
At least in post #9 the msg says 'must' be run as root; that's much clearer.
Wonder why OP gets a different msg; different version perhaps?
Maybe you should contact the author.
You make a very good point. The message about the absolute path doesn't seem to be in the listing I linked to and looks like it may even be a system message. Perhaps that means that the sticky bit is working and it's something else?
 
Old 04-23-2013, 01:32 AM   #14
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE 13.1 / 12.3_64-KDE, Ubuntu 14.04, Fedora 20, Mint 17, Chakra
Posts: 3,675

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by 273 View Post
...The message about the absolute path doesn't seem to be in the listing I linked to and looks like it may even be a system message. Perhaps that means that the sticky bit is working and it's something else?
That's why I mentioned PAM, but with that I'm entirely out of my depth. I'll try your askubuntu link and come back later.
 
Old 04-24-2013, 04:08 AM   #15
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE 13.1 / 12.3_64-KDE, Ubuntu 14.04, Fedora 20, Mint 17, Chakra
Posts: 3,675

Original Poster
Rep: Reputation: Disabled
Well, that opened a whole new can of worms .

I had (in part) already incorporated the procedure from your link, 273. I completed it now and thus have a script with all the desired commands. In principle I don't need to run "powertop" anymore, though I'd still like to know, whether these restrictions can be circumvented. Anyways.

The normal user (myself) can run that script and it resides in KDE's Autostart directory. But it doesn't work . In the most cases access to the /proc and /sys directories (rather their subdirectories) is denied. Also commands like "hdparm", "ethtool" and "iw" are not found. When I "su" too root and run that script I get no error and everything is set as desired. So I'm back to step one.

The same (i.e. nothing) happens, when I incorporate the commands from the script in the user's ".profile" or ".bashrc" files.

Btw. chrism01, I checked with wikipedia, it says that most distributions disable the suid bit of script for security reasons.

You also wrote that the init process is run by root. Thus I copied the script to /etc/init.d and created links at rc3.d and rc5.d. And lo and behold -- the script works as desired -- but only when I log in as root, and not so when I'm the normal user, even though "chkconfig" and YAST's runlevel editor show that the script is active and running.

Seems that "systemd" is not always running as root?!? I don't understand this at all...

Last edited by JZL240I-U; 04-24-2013 at 04:15 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
/usr/sbin/httpd: symbol lookup error: /usr/sbin/httpd: undefined symbol: apr_atomic_x dasoberdick Slackware 16 10-11-2014 02:36 AM
Error: Cannot find 'ssh-keygen' in '/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin' venu.navat Linux - Software 3 03-08-2012 04:00 AM
[SOLVED] Cant execute commands that is in sbin/ with normal user. tERn Linux - Desktop 1 10-16-2009 11:18 AM
Can I install to /usr/local as a normal user? Jongi Suse/Novell 8 12-20-2005 11:45 PM
How do you change what the /usr/sbin/service program runs? launchcode Red Hat 3 07-16-2004 01:18 PM


All times are GMT -5. The time now is 02:42 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration