Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
If I'm running a program that requires root privs, I log in as root and chmod u+s to set suid permissions on the program. Then I log in as my normal user and run the program via sudo [program].
My question is, when I run this program do I run it as root or as normal user with root privs? So, if I'm running this suid program and I get hacked, will the hacker run a shell with root privs or my normal users privs?
It is usually a good idea to avoid SUID when possible. Sometimes it is necessary which is why it exists. When you use it, you need to be very careful, because it could become an easy path for attack on your system. This can happen if the program contains code that when abused can alter access to system functions.
My own policy is that I NEVER use SUID on something that I did not write myself and is not open source. Part of the power of Open Source is that sloppy or malicious code is usually detected and fixed before it is released for general use. When a vulnerability does slip through and is discovered, a fix is often complete and available quickly, since the whole world has access to it.
If the program is owned by root, you need to do the chmod u+s as root. You will also need to set the "other" execute bit (chmod o+x) so you can run it as a non-root user. Or a safer way would be to chmod g+x and make sure you are a member of the group. Also, you need to make sure that the program is in your path unless you want to supply the absolute path on the command.
trying to run a regular user account, while still retaining some main commands like mount, ifconfig, iwconfig, etc, etc. I just don't want to be root all the time cause of the security vulnerability.
Ok.... so you're using sudo to do these things? Then
there's no need to modify anything. mount is suid any
way, but that still requires either a) an entry in /etc/fstab
that states that ordinary users are allowed to mount
devices. As far as ifconfig/iwconfig go - depending on
your distro, and/or how tight you want security, just
add those few commands to your users (or the admin group
which you're a member off) sudoers entry.
Randomly modifying perms on individual executables is
(most of the time) a bad idea. Commonly the defaults
(including ownerships and permissions) on executables
are very sane and secure, and shouldn't be played with
lightly.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.