Why does userhelper needs to have a SUID enabled .

ratan61 · 12-13-2023, 01:13 AM

Hello All ,

I have been reading about what is userhelper and didn't find very clear evidences why does userhelper is needed by the OS. However, there is another challenge why userhelper is enabled with SUID and what happens if we disable the SUID on the file : /usr/sbin/userhelper . Please help urgently

lvm_ · 12-13-2023, 02:37 AM

Quote:

Originally Posted by ratan61

I have been reading about what is userhelper and didn't find very clear evidences why does userhelper is needed by the OS.

It isn't. It is part of usermode package providing GUI interfaces for certain system tasks - see package description, which can be done in other ways.

Quote:

Originally Posted by ratan61

why userhelper is enabled with SUID and what happens if we disable the SUID on the file : /usr/sbin/userhelper

It will loose privileged access needed to do these task and stop working.

pan64 · 12-13-2023, 02:53 AM

it looks like a homework question again. Anyway, only the root user is allowed to manage users, therefore users need to use setuid apps to configure their own settings (like set password).

ratan61 · 12-13-2023, 11:22 PM

do you mean if I disable the SUID on the userhelper file , will disable the non-root user to set the password?

hazel · 12-14-2023, 12:31 AM

Quote:

Originally Posted by ratan61

do you mean if I disable the SUID on the userhelper file , will disable the non-root user to set the password?

Traditionally you changed your password using the passwd command. If you look at that, you will see that it too has the SUID bit set. Changing a password requires write access to the shadow file and only root has that, so logically all password-changing commands need SUID.

MadeInGermany · 12-14-2023, 06:36 AM

I didn't know about userhelper.
Perhaps it is only used in a PAM dialogue? For ex "Password expired, please enter new Password"?