LinuxQuestions.org
Page 1 of 2 1 2
Show 50 post(s) from this thread on one page

LinuxQuestions.org (/questions/)
-   Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)
-   -   Is running a standalone browser in Ubuntu still limited user? (https://www.linuxquestions.org/questions/linux-software-2/is-running-a-standalone-browser-in-ubuntu-still-limited-user-4175735752/)

JASlinux 04-06-2024 07:01 PM
Is running a standalone browser in Ubuntu still limited user?
 
(XFCE environment)

Code:
xubuntu@xubuntu:/$ ps aux | grep -i pale
xubuntu  2417 13.4  3.9 2102748 303000 ?      Sl  23:20  1:41 ./palemoon-bin
xubuntu  2533  0.0  0.0  21712  964 pts/6    S+  23:32  0:00 grep --color=auto -i pale
xubuntu@xubuntu:/$
Is xubuntu Palemoon's owner or just the user who ran the process? I can save a webpage to any media location & am wondering if standalone default is the same as running as root (ie, no security benefit).

My goal is to run a standalone browser as a limited user in a live session, & the only way I am sure of that is by copying the app to ram.

frankbell 04-06-2024 08:13 PM
What do you mean by "limited"?

As far as I know, you get no additional browser capability by running a browser as root, but you open your OS to increased vulnerability.

JASlinux 04-06-2024 09:35 PM
Quote:
Originally Posted by frankbell (Post 6494547)
What do you mean by "limited"?
"Limited" just means a limited user, standard in Windows & default in an Ubuntu installation. If your current user does not have superuser privileges (without sudo), you are running as limited.

I am not trying to run as root but understand the current state. Is a standalone browser running as root or not?

I am running, as user xubuntu, a standalone browser that is not in the system but an external partition.

How can I verify it is running as a limited user?

teckk 04-07-2024 02:12 PM
Quote:
Is a standalone browser running as root or not?
What user opened it?
Quote:
How can I verify it is running as a limited user?
Code:
whoami
ps a -o pid,tty,etime,cmd,user
ps -e -o pid,tty,etime,cmd,user

dugan 04-07-2024 06:41 PM
It’s running as the user that launched it. Why would you think otherwise?

dugan 04-07-2024 07:03 PM
There’s only one way to get executables to *not* run as the user that launched them. I assume this wasn’t done with palemoon.

https://en.m.wikipedia.org/wiki/Setuid

You, on the other hand, don’t have to assume. You can check with “ls -l”.

JASlinux 04-08-2024 07:06 AM
1 Attachment(s)
Quote:
Originally Posted by dugan (Post 6494743)
It’s running as the user that launched it. Why would you think otherwise?
unrestricted media access

How can a limited user app access any partition or folder?

I am in a non-Ubuntu distro running this browser as a limited user & when I try to save this webpage out of its restricted area it is automatically deleted.

Attachment 42677

jmgibson1981 04-08-2024 07:34 AM
*Nix systems are designed to keep you confined to your home directory without special privileges. This is a good thing, not a bad one. You are free to create directories most anywhere and use them as you please. The permissions system is quite granular. Ultimately though it's best to keep things in /home/"$USER" wherever possible.

With the
Code:
xubuntu
user in your op post I'm assuming you are loading a live environment. That alone is problematic because you won't be able to store anything anyway. It will disappear on reboot.

JASlinux 04-09-2024 01:50 AM
Quote:
Originally Posted by jmgibson1981 (Post 6494829)
*Nix systems are designed to keep you confined to your home directory without special privileges. This is a good thing, not a bad one. You are free to create directories most anywhere and use them as you please. The permissions system is quite granular. Ultimately though it's best to keep things in /home/"$USER" wherever possible.
Not sure what *Nix is but the idea of using directories anywhere despite limited user status is what I have to get used to in Ubuntu, though admittedly that's the same as Windows.

I just started getting used to restricted access elsewhere.

Quote:
With the
Code:
xubuntu
user in your op post I'm assuming you are loading a live environment. That alone is problematic because you won't be able to store anything anyway. It will disappear on reboot.
Yes, and there is no problem, completely intentional for security. It just eats a lot of setup time each boot.

pan64 04-09-2024 02:16 AM
Quote:
Originally Posted by JASlinux (Post 6494822)
unrestricted media access

How can a limited user app access any partition or folder?

I am in a non-Ubuntu distro running this browser as a limited user & when I try to save this webpage out of its restricted area it is automatically deleted.

Attachment 42677
Your wording is confusing. There is no limited user, there is no unrestricted media access and in general it is working in a different way.
We have let's say regular users and root, nothing else. We have groups. Every file/dir has its own permissions to rule who (which user/group) is allowed to read/write it.
Also there is a restricted shell, which means a limited environment. We have also containers to encapsulate things and/or hide things.
Copying an app into RAM does not mean any kind of restriction or limitation.
Running a live section means a different approach again.

But first of all would be nice to know exactly what do you want to solve?

JASlinux 04-09-2024 02:24 AM
Quote:
Originally Posted by pan64 (Post 6494949)
But first of all would be nice to know exactly what do you want to solve?
I want to run a browser out of the system, standalone, without the privileges of root, or to at least understand why a browser running as a regular user without admin privileges seems to run unrestricted. What is the difference between

Code:
sudo firefox
and

Code:
firefox
?

JASlinux 04-09-2024 02:27 AM
Quote:
Originally Posted by pan64 (Post 6494949)
Copying an app into RAM does not mean any kind of restriction or limitation.
Running all FAT32 & NTFS file systems, I need internal system directories to change permissions.

Quote:
Running a live section means a different approach again.
always my case

pan64 04-09-2024 02:56 AM
Quote:
Originally Posted by JASlinux (Post 6494951)
I want to run a browser out of the system, standalone, without the privileges of root, or to at least understand why a browser running as a regular user without admin privileges seems to run unrestricted. What is the difference between

Code:
sudo firefox
= and =
firefox
?
see man page, sudo means change user (to root) and run app (firefox)


Quote:
Originally Posted by JASlinux (Post 6494951)
I want to run a browser out of the system,

?
that is meaningless. How do you want to run anything without an OS? What do you mean by that?
Copying/relocate a file (executable) to anywhere does not solve or modify anything. It has no any impact on the execution.

JASlinux 04-10-2024 02:33 AM
Quote:
Originally Posted by pan64 (Post 6494957)

How do you want to run anything without an OS? What do you mean by that?
A browser, for example, will be builtin, user installed, an executable container format (snap, AppImage, FlatPak, etc), or standalone portable.

You can put a standalone portable in a system folder, but they can also be most other locations.

When you put a browser out of the system, it will commonly not run with restricted permissions, logically, when it will run as root.

This is not rule but common practice.

Try it!

I am new to running browsers in Ubuntu, so I need to learn how restricted they are running as a limited user.

dugan 04-11-2024 12:58 PM
Quote:
Originally Posted by jmgibson1981 (Post 6494829)
With the "xubuntu" user in your op post I'm assuming you are loading a live environment.
I'm guessing that that this is the case, and the explanation for what you're seeing is that the livecd user account not a "limited user".


All times are GMT -5. The time now is 08:13 PM.
Page 1 of 2 1 2
Show 50 post(s) from this thread on one page