LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   execute firefox as it's own user (SUID) (https://www.linuxquestions.org/questions/linux-newbie-8/execute-firefox-as-its-own-user-suid-812982/)

zxLinux 06-08-2010 06:28 PM

execute firefox as it's own user (SUID)
 
hello
i was wondering if it is possible to run a program such as firefox or any other internet program as its own user (ie user firefox), but still in my desktop session, this way the program would have its own home folder and store all the data there, while i use it normally,

i was trying to set the suid on the firefox binaries but then it doesn't starts at all.

thanks for your advise!!

Agrouf 06-09-2010 03:22 AM

Yes, it is possible.
Code:

su -c firefox firefoxuser
You may have to use xauth in order to allow the firefox user to connect to your X server, depending on the security settings of your distro.

unSpawn 06-09-2010 03:43 AM

Quote:

Originally Posted by zxLinux (Post 3997151)
i was trying to set the suid on the firefox binaries but then it doesn't starts at all.

Whatever you do, do not mistake introducing (more) setuid applications as a fix for anything (unless you have made certain that the application can handle being setuid without introducing security problems)!

Here's a more detailed possible solution: http://calum.org/posts/running-firef...ser-using-sudo. Haven't tried it myself though so YMMV(VM).

zxLinux 06-10-2010 12:24 AM

hello
thanks for your help
i'm following that last link, it looks easy, however i'm not sure where to insert that lines created in vi

thanks for your help, so useful, only need that last step

unSpawn 06-12-2010 04:20 AM

The "User_Alias X_USERS" and "Defaults:X_USERS" lines go in /etc/sudoers above the "yourusername yourhostname=(ff) NOPASSWD: /usr/bin/firefox" line. Using 'visudo' prevents you from continuing with an /etc/sudoers with errors (also see 'visudo -c').

arashi256 06-12-2010 04:31 AM

Quote:

Originally Posted by unSpawn (Post 3997572)
Whatever you do, do not mistake introducing (more) setuid applications as a fix for anything (unless you have made certain that the application can handle being setuid without introducing security problems)!

Here's a more detailed possible solution: http://calum.org/posts/running-firef...ser-using-sudo. Haven't tried it myself though so YMMV(VM).

Why is this? I thought setting software to run as it's own user was a good idea? Care to explain?

unSpawn 06-12-2010 05:16 AM

I'm not talking about running SW as lesser or unprivileged users. Check what I actually quoted from the OP and you will see he tried to set the setuid attribute on the firefox binary. Setting it is a security risk if the application is not designed to handle it (well). While each system may have some standard applications that run setuid root, setting the setuid attribute for other applications is a weak move (as in checkmate requiring just one more move).


All times are GMT -5. The time now is 04:08 AM.