LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 11-12-2003, 03:46 AM   #1
johnnygnote
LQ Newbie
 
Registered: Oct 2003
Location: Durango CO
Distribution: Mandriva 10.2 LE
Posts: 24

Rep: Reputation: 15
Changing User Privilege question


Howdy, I've been perusing the forum and finding all kinds of answers to questions I've had the past couple of weeks while gettin situated with my new computer and Linux Mandrake 9.1, thanks for all the knowledgable info here it has been very helpful. I have a simple question that probably has a simple answer but I can't seem to find the answer so here goes.

I downloaded Firestarter and installed it (works very nicely) when I went to configure it I had to do so in root. Ok so i got it running put on my desktop for easy access and changed the permission to user execute , but when I click on it I still get asked for root password "no user privilege". Is there some way for me to change the user privilege specifications for this application so I can run it from User and not just root? I don't mind turning it on manually I just want to be able to do it with out having to go to root each time. Any suggestions?
 
Old 11-12-2003, 12:04 PM   #2
kilgoretrout
Senior Member
 
Registered: Oct 2003
Posts: 2,298

Rep: Reputation: 138Reputation: 138
Having your firewall accessable to ordinary users strikes me as a bad security move. Linux firewalls are usually just front ends for the iptables, i.e. they automate the process of editing the iptables by hand. Only root can edit the iptables which is why your getting prompted for a root password. You can have ordinary users run the program with root privileges by changing the permissions to SetUID. It's easy to do. In a console, su to root and run:

# chmod 4755 <path to firestarter>

From a security standpoint it's a terrible idea however. That's the reason why by design the program requires root privileges to run.
 
Old 11-12-2003, 12:24 PM   #3
shanenin
Member
 
Registered: Aug 2003
Location: Rochester, MN, U.S.A
Distribution: Gentoo
Posts: 987

Rep: Reputation: 30
The good idea for you would be to have your firewall script(the one firestarter created) load at boot up. I know how I did it in slackware, but I think it is different in mandrake. It is probably as simple as copying the script and making it exacutable and moving it to the right location, so it gets run at bootup. With a little reasearch you should be able to figure it out.
 
Old 11-13-2003, 03:29 AM   #4
johnnygnote
LQ Newbie
 
Registered: Oct 2003
Location: Durango CO
Distribution: Mandriva 10.2 LE
Posts: 24

Original Poster
Rep: Reputation: 15
Thanks to both of you. Kilgore I'm the only user on the system so I don't see a problem although I do see what you mean and your explanation as to why it's a bad idea is well understood. Since no one else is using the system I'm not too concerned but I will give it some thought. I was just looking for convenience but I'm already getting use to going to root to start FS up. Shanein thanks, after I made the post I went back to FS's site and looked closer at the manual, there is a script that can go in to the start up file, the info can be found here

http://firestarter.sourceforge.net/m...ersistence.php

the script is given and it says to place it in the rc.local file, it also says something about kppp having an option to launch scripts when it connects but I can't seem to locate it. any one know about that particular bit of info?

both of you have given me great answers. Thanks.

Last edited by johnnygnote; 11-13-2003 at 03:38 AM.
 
Old 11-13-2003, 08:13 AM   #5
kilgoretrout
Senior Member
 
Registered: Oct 2003
Posts: 2,298

Rep: Reputation: 138Reputation: 138
I'm not sure about the kpp thing. It's been a while since I used it since I got broadband cable(Oh Happy Day!!!). Just to expand on the security concerns a bit, having other users being able to access the firewall is obviously one. Another concern deals with the situation where you are hacked despite the efforts of your firewall. The hacker would then be able to rewrite your firewall rules and totally open your system which could allow for further root exploits on the opened ports. Using setUID is always a security concern for this reason; it allows someone who gets access to your system as an ordinary user to run setUID programs as root. It should be used sparingly because the security ramifications are not always clear.
 
Old 11-13-2003, 04:13 PM   #6
johnnygnote
LQ Newbie
 
Registered: Oct 2003
Location: Durango CO
Distribution: Mandriva 10.2 LE
Posts: 24

Original Poster
Rep: Reputation: 15
Thanks Kilgore, just one more question. Is there a way to specify a user using the chmod string?

Thanks again
 
Old 11-13-2003, 04:32 PM   #7
MartinN
Member
 
Registered: Nov 2003
Location: Ronneby, Sweden
Posts: 555

Rep: Reputation: 30
No, a file has (exactly) one owner. That owner is changed with the command chown.

chown NEW_OWNER FILE(S)

Martin
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Changing a User carlosinfl Linux - General 11 11-29-2005 02:25 PM
Changing user preference kool_kid Slackware 9 02-04-2005 09:19 AM
User id (needs changing) podollb Linux - Software 2 05-15-2004 09:26 AM
Ulimit privilege for a user linuxfans Linux - General 3 04-16-2003 12:03 PM
User privilege on NFS directory Rex_chaos Linux - Networking 2 03-22-2002 10:54 AM


All times are GMT -5. The time now is 12:11 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration