Does anybody know how I have to configure sudo so that an unprivileged user can execute one specified program that uses other programs which also need root permission to run?
An example is wvdial: it reads/writes from/to privileged files (/etc/ppp/stuff...), accesses a device owned by root (/dev/ttyS1) and then starts a program owned by root (pppd)...
How can I tell sudo that anyone can access these few files/devices?
Although not always suitable, I'd say that a program like wvdial would best be handled just by using the suid bit on the executable, as it's a generally safe program in terms of system security.
Re: help with sudo
Quote:
Originally posted by raven: Does anybody know how I have to configure sudo so that an unprivileged user can execute one specified program that uses other programs which also need root permission to run?
The manual page for sudoers(5) is quite exhaustive on that topic; it should be able to answer all your questions. It would be something like the following line:
Code:
ALL ALL=(root) /usr/bin/wvdial
That would allow all users to run /usr/bin/wvdial as root.
Quote:
an example is wvdial: it reads/writes from/to privileged files (/etc/ppp/stuff...) accesses a device owned by root (/dev/ttyS1) and then starts a program owned by root (pppd)...
On the other hand - for wvdial it wouldn't be really needed to be run as root at all! wvdial only needs access to that device and the files. You can make those files (at least) readable to a special group, chmod g+rw /dev/ttyS1 and make wvdial sgid to that special group which you put all those files in and the user. That has quite some advantages: An exploit in wvdial wouldn't make the system a big security risk and you can
Originally posted by raven: Well, thank you, but if I set the mandatory files readable to my users, and I let them execute pppd, the connection always breaks after 1 second...
Why is this?
Besides: how do you set an executable suid root? That's a question I should have asked long before... :-)
Thanks to everyone
cya
Not sure about the connection break, but here's a snip from somewhere on the SUID/SGID usage (it's also discussed in the chmod man pages):
Quote:
To give a program SUID permissions, do a chmod 4755. The 4 gives the SUID permission. The remaining three numbers follow the normal user-group-world permissions.
After, as root, you set the SUID bit on a program, anyone will then effectively become root while they are executing that program.
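As an added example (not part of any post in this thread): a small POSIX shell audit that reports which files carry the setuid or setgid bit, so the result of `chmod 4755` or of the sgid-group approach suggested earlier can be checked afterwards. The scratch directory and the file names in it are constructed stand-ins, not real system paths.

```shell
#!/bin/sh
# Added example: report setuid/setgid bits on files.
# All paths used in demo() are constructed stand-ins.

# Print which special bit(s) a single file carries.
classify_special_bits() {
    if [ -u "$1" ] && [ -g "$1" ]; then echo "setuid+setgid"
    elif [ -u "$1" ]; then echo "setuid"
    elif [ -g "$1" ]; then echo "setgid"
    else echo "none"
    fi
}

# List every regular file under a directory that has the setuid or
# setgid bit set, one "class<TAB>path" line per file, sorted by path.
audit_special_bits() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort |
    while IFS= read -r f; do
        printf '%s\t%s\n' "$(classify_special_bits "$f")" "$f"
    done
}

# Constructed demo: three empty stand-in files in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/dialer-suid"; chmod 4755 "$d/dialer-suid"  # the chmod 4755 approach
    : > "$d/dialer-sgid"; chmod 2755 "$d/dialer-sgid"  # the sgid-to-a-group approach
    : > "$d/plain";       chmod 0755 "$d/plain"        # no special bits
    audit_special_bits "$d"
    rm -rf "$d"
}

demo
```

Pointing `audit_special_bits` at a directory such as /usr/bin lists the programs that run with their owner's or group's privileges regardless of who starts them.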
Setting suid works now, but if I dial with another user than root, the pppd dies with exit code 2. I looked at the man pages to see what this means; it tells me
"error processing options given... two mutually exclusive options given."
Does it die for everyone except root? Can each user have a custom config file in their home directory, or does pppd read from a central config file (in /etc maybe)? If the error is correct, pppd is receiving conflicting instructions from somewhere, and you might have to pick through the file(s) to find the conflict.
Not being familiar with it, that's about all I can offer.