I would like to use the lsof -i command without a privilege-elevated user; however, it doesn't work: the output is null. It only works when I sudo it. On another server, I've got it working perfectly, without the user being root or having to use sudo (web user). How would I be able to proceed?
Linux - Ubuntu 14.04.
It's related to how it was compiled. You can recompile your own to allow non-root users to use it but I prefer to use sudo to give access to the few folks that might need it.
From "man lsof"
Quote:
SECURITY
Lsof has three features that may cause security concerns. First, its default compilation mode allows anyone to list all open files with it. Second, by default it creates a user-readable and user-writable device cache file in the home directory of the real user ID that executes lsof. (The list-all-open-files and device cache features may be disabled when lsof is compiled.) Third, its -k and -m options name alternate kernel name list or memory files.
Restricting the listing of all open files is controlled by the compile-time HASSECURITY and HASNOSOCKSECURITY options. When HASSECURITY is defined, lsof will allow only the root user to list all open files. The non-root user may list only open files of processes with the same user IDentification number as the real user ID number of the lsof process (the one that its user logged on with).
However, if HASSECURITY and HASNOSOCKSECURITY are both defined, anyone may list open socket files, provided they are selected with the -i option.
When HASSECURITY is not defined, anyone may list all open files.
Help output, presented in response to the -h or -? option, gives the status of the HASSECURITY and HASNOSOCKSECURITY definitions.
See the Security section of the 00README file of the lsof distribution for information on building lsof with the HASSECURITY and HASNOSOCKSECURITY options enabled.
P.S. lsof is one of the greatest tools for UNIX/Linux. It can do so many different things. I heartily recommend it to all who haven't learned of it yet. Its author, Vic Abell, was even kind enough to work with me and one of the big UNIX vendors a few years back when I discovered issues with it on their platform.
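One way to check which of the build modes described in the man page excerpt an installed lsof uses, plus the setuid state of its binary, as an added example that is not part of the original thread. The function names and sample strings are constructed, and the exact wording of the status line matched in the help output is an assumption.

```shell
#!/bin/sh
# Classify lsof's build-time security mode from its help text (read on stdin).
# ASSUMPTION: the status line reads "Only root can list all files" or
# "Anyone can list all files", and mentions "socket files" on the same line
# when HASNOSOCKSECURITY is defined together with HASSECURITY.
lsof_security_mode() {
    awk '
        /Only root can list all files/ {
            mode = ($0 ~ /socket files/) ? "root-only-except-sockets" : "root-only"
        }
        /Anyone can list all files/ { mode = "anyone" }
        END { print (mode == "" ? "unknown" : mode) }
    '
}

# Report whether a file carries the setuid bit (hypothetical helper name).
is_setuid() {
    [ -u "$1" ] && echo yes || echo no
}

# Constructed sample status lines, so the classifier can be exercised offline.
SAMPLE_OPEN='Anyone can list all files; /dev warnings disabled; kernel ID check disabled.'
SAMPLE_LOCKED='Only root can list all files; /dev warnings disabled; kernel ID check disabled.'
SAMPLE_SOCKS='Only root can list all files, but anyone can list socket files; /dev warnings disabled.'

# Inspect the lsof found on PATH, if any. lsof writes its help text to stderr.
audit_lsof() {
    bin=$(command -v lsof 2>/dev/null) || { echo "lsof not found on PATH"; return 0; }
    mode=$("$bin" -h 2>&1 | lsof_security_mode)
    echo "binary=$bin mode=$mode setuid=$(is_setuid "$bin")"
}

audit_lsof
```

Running it as the unprivileged user on both servers shows whether the two lsof binaries were built with different HASSECURITY settings.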
@smallpod
Not setuid root for the process and the lsof file (/usr/bin/lsof).
@MensaWater
How would I be able to proceed?
Also, I've noticed something: the process created by the other server has 'dr-xr-xr-x 7 www-data www-data' while the other one has 'dr-x------ 7 www-data www-data'.
Not sure it'd be very important since the owner in both cases has read access.
Two log files were added, both straces of the working and non-working lsof from the servers. 'lsof.log' is the non-working one and 'lsof-good.log' is the working one.
The file 'lsof-good.log' was cut since it was too big to be uploaded.