LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 08-01-2009, 07:48 AM   #1
navidpaya
LQ Newbie
 
Registered: Aug 2009
Posts: 1

Rep: Reputation: 0
Running an application using an ordinary user


Kudos everyone
I work in a firm working on specialized software. I work in the security department and my first task is to work on an in-house application. My main job to make the application run under a certain user with the least possible privileges, instead of 'root' which is being used right now.
So far I've managed to make a list of the files the application is trying to access using AppArmor, as well as a list of the things it does using strace. Now I got to a part where I know, for instance, the application is trying to use a setrlimit call to restrict the resources the application uses but since the user is not 'root', it can't.
I wanted to know if there's some way I can give a grant for such an action to the user or if I should instruct the coders to implement this in some other way?
I'm not a coder at all, so I'm really out of ideas. I'd be grateful if anyone can shed some light on my understanding. Thank you all in advance.

Navid
 
Old 08-01-2009, 10:33 PM   #2
rob.rice
Senior Member
 
Registered: Apr 2004
Distribution: slack what ever
Posts: 1,071

Rep: Reputation: 202Reputation: 202Reputation: 202
normal users can only write to there home directory so every application is restricted .
 
Old 08-02-2009, 11:45 PM   #3
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.10, Centos 7.5
Posts: 17,606

Rep: Reputation: 2445Reputation: 2445Reputation: 2445Reputation: 2445Reputation: 2445Reputation: 2445Reputation: 2445Reputation: 2445Reputation: 2445Reputation: 2445Reputation: 2445
Well, if you look here http://linux.die.net/man/2/setrlimit you can see at the bottom that it refers to ulimit http://linux.die.net/man/1/ulimit which you can set for the user when he logs in. You might want to have the app run in its own user and/or via setuid.
If the prog really needs root type access, set it so the user has to run it via sudo ie user can run only that cmd via sudo.
http://linux.die.net/man/8/sudo
 
Old 08-03-2009, 02:39 AM   #4
catkin
LQ 5k Club
 
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Debian
Posts: 8,577
Blog Entries: 31

Rep: Reputation: 1195Reputation: 1195Reputation: 1195Reputation: 1195Reputation: 1195Reputation: 1195Reputation: 1195Reputation: 1195Reputation: 1195
Hello navidpaya

If the application absolutely has to do some things which only root can do (best not) then it could be started via a setuid executable that could do all those things and then change effective userid. This would be more transparent to the user than using sudo.

Best

Charles
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How do i change to super user then revert back to ordinary user ,using shell script? wrapster Solaris / OpenSolaris 6 03-18-2009 03:37 AM
Script with root privileges running by an ordinary user MOCKBA Linux - Newbie 3 02-09-2007 03:33 PM
running cron job as an ordinary user fahad26 Linux - General 1 06-30-2005 03:46 AM
Problem running giFT (with FastTrack plugin) as ordinary user MacLin Linux - Software 1 02-09-2005 04:48 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 12:38 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration