LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-08-2010, 07:28 PM   #1
zxLinux
LQ Newbie
 
Registered: Jul 2008
Posts: 17

Rep: Reputation: 0
execute firefox as it's own user (SUID)


hello
i was wondering if it is possible to run a program such as firefox or any other internet program as its own user (ie user firefox), but still in my desktop session, this way the program would have its own home folder and store all the data there, while i use it normally,

i was trying to set the suid on the firefox binaries but then it doesn't starts at all.

thanks for your advise!!
 
Old 06-09-2010, 04:22 AM   #2
Agrouf
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: LFS
Posts: 1,591

Rep: Reputation: 79
Yes, it is possible.
Code:
su -c firefox firefoxuser
You may have to use xauth in order to allow the firefox user to connect to your X server, depending on the security settings of your distro.
 
Old 06-09-2010, 04:43 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,361
Blog Entries: 55

Rep: Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547
Quote:
Originally Posted by zxLinux View Post
i was trying to set the suid on the firefox binaries but then it doesn't starts at all.
Whatever you do, do not mistake introducing (more) setuid applications as a fix for anything (unless you have made certain that the application can handle being setuid without introducing security problems)!

Here's a more detailed possible solution: http://calum.org/posts/running-firef...ser-using-sudo. Haven't tried it myself though so YMMV(VM).
 
Old 06-10-2010, 01:24 AM   #4
zxLinux
LQ Newbie
 
Registered: Jul 2008
Posts: 17

Original Poster
Rep: Reputation: 0
hello
thanks for your help
i'm following that last link, it looks easy, however i'm not sure where to insert that lines created in vi

thanks for your help, so useful, only need that last step
 
Old 06-12-2010, 05:20 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,361
Blog Entries: 55

Rep: Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547
The "User_Alias X_USERS" and "Defaults:X_USERS" lines go in /etc/sudoers above the "yourusername yourhostname=(ff) NOPASSWD: /usr/bin/firefox" line. Using 'visudo' prevents you from continuing with an /etc/sudoers with errors (also see 'visudo -c').
 
Old 06-12-2010, 05:31 AM   #6
arashi256
Member
 
Registered: Jan 2008
Location: Brighton, UK
Distribution: Ubuntu 12.04 / CentOS 6.5
Posts: 394

Rep: Reputation: 61
Quote:
Originally Posted by unSpawn View Post
Whatever you do, do not mistake introducing (more) setuid applications as a fix for anything (unless you have made certain that the application can handle being setuid without introducing security problems)!

Here's a more detailed possible solution: http://calum.org/posts/running-firef...ser-using-sudo. Haven't tried it myself though so YMMV(VM).
Why is this? I thought setting software to run as it's own user was a good idea? Care to explain?
 
Old 06-12-2010, 06:16 AM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,361
Blog Entries: 55

Rep: Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547
I'm not talking about running SW as lesser or unprivileged users. Check what I actually quoted from the OP and you will see he tried to set the setuid attribute on the firefox binary. Setting it is a security risk if the application is not designed to handle it (well). While each system may have some standard applications that run setuid root, setting the setuid attribute for other applications is a weak move (as in checkmate requiring just one more move).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
mounting cifs as user - permissions problem with SUID bit dh4 Linux - Networking 1 01-11-2010 03:31 PM
A question on SUID (Set User ID) saagar Linux - Newbie 3 12-10-2009 01:51 PM
How to work with Set User ID (SUID)? CrAzYoNi Linux - Newbie 6 07-02-2009 02:39 AM
Suid only for one user? sti2envy Linux - Security 2 11-04-2004 10:43 PM
SUID file drops suid bit on append? c_coder Programming 1 03-12-2004 08:59 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 05:19 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration