LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 07-28-2007, 09:01 PM   #1
SiW
LQ Newbie
 
Registered: Feb 2005
Posts: 3

Rep: Reputation: 0
Editing files owned by root


Hi, I'm planning to make a server/client program in Java, where the client connects to the server and the server edits files located on the server. What I want to know is, if the files are owned by root, what is the most secure way of editing the files? Should I just run the server as root, or is there a better way of doing it?

Thanks,
SiW
 
Old 07-28-2007, 09:50 PM   #2
zhangmaike
Member
 
Registered: Oct 2004
Distribution: Slackware
Posts: 376

Rep: Reputation: 31
The most secure thing to do would be to change the ownership of those files such that your server can read and write to them. This would not only allow the server to run without root privileges, but would allow you to selectively choose which root-owned files can be edited and which cannot.
 
Old 07-29-2007, 12:14 PM   #3
ta0kira
Senior Member
 
Registered: Sep 2004
Distribution: FreeBSD 9.1, Kubuntu 12.10
Posts: 3,078

Rep: Reputation: Disabled
I wouldn't go as far as changing the ownership of the files unless your application is already rock solid security-wise. The safest way I see to do this is to copy-on-edit the files to a holding tank and require root to approve overwrites. You should use this method at least until your program is stable so that an error in the program doesn't do something catastrophic such as corrupt fstab or shadow or whichever critical file it might be editing.

To allow root to approve the changes, I would create an "approve" script which copies the files from the holding tank to their correct locations while backing up the old versions. This can be run by connecting via ssh remotely if necessary. You should, of course, access the files and check their validity before copying them into place.
ta0kira

PS In general, the only reason a server program should run as root is to start sub-processes under different user IDs. Normally the main process shouldn't access anything using the root user ID. Part of the security policy for the server I am writing specifically states that the server won't interact with the file system ever with a user ID of root.
 
Old 07-31-2007, 09:55 AM   #4
bigearsbilly
Senior Member
 
Registered: Mar 2004
Location: england
Distribution: FreeBSD, Debian, Mint, Puppy
Posts: 3,269

Rep: Reputation: 165Reputation: 165
why are they root files?

are they in /etc or something?

I would say avoid being root where possible at all times.
perhaps you could change the file groups and make them writeable for
your servers group

or if not something like, say, a root server process reading a fifo or better a unix socket,
so your server gets a copy of the conf file, edits it, writes it's path to
the fifo and the root process does the rest?
 
Old 07-31-2007, 10:00 AM   #5
sudevank
LQ Newbie
 
Registered: Mar 2007
Posts: 27

Rep: Reputation: 15
try sudo after login as user
 
Old 07-31-2007, 01:36 PM   #6
taylor_venable
Member
 
Registered: Jun 2005
Location: Indiana, USA
Distribution: OpenBSD, Ubuntu
Posts: 892

Rep: Reputation: 40
Quote:
Originally Posted by bigearsbilly
or if not something like, say, a root server process reading a fifo or better a unix socket,
so your server gets a copy of the conf file, edits it, writes it's path to
the fifo and the root process does the rest?
That sounds like a good idea, but your server must then authenticate itself to the root process. That's not hard, but it is an extra step. I'd opt for using group privileges on the files if these things are to be written often. (Although if that were the case, the question "why aren't they owned by the user the server is running as" is begged.)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
assign user to access root owned files eyt Linux - General 1 07-27-2007 03:28 PM
user access to files owned by root jonfa Linux - General 2 07-09-2007 11:58 AM
all users have access to root owned files sakatola Linux - Security 2 07-22-2005 12:45 AM
Make a file owned by root owned by a user sharpie Linux - Newbie 2 02-26-2004 01:26 AM
vfat mount - all files are 'root' owned, but even root can't -WX d33pdream Linux - General 5 02-28-2003 02:38 AM


All times are GMT -5. The time now is 03:10 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration