Running a process with limited root privileges
Hi guys,
I am wondering if there's a way by which we can grant limited root privileges to a process. Let me further explain, a customer of my department would like to run a process on users workstations that collect hardware-related information, this process requires root privileges to read files under /proc and the like. Is there a way by which we can limit this process access to the filesystem; for example, limit this process to only access /proc ONLY?. Your responses are highly appreciated. Thanks. |
Quote:
Some examples of GNU/Linux tools of this nature: SELinux, AppArmor, TOMOYO, and Smack. |
Thinking of interfacing /proc specifically there's also SNMP. That way any (authorised) remote or local client could obtain data w/o some app requiring root rights. Might not apply to whatever you vaguely defined as "and the like".
|
Is the required information mirrored in the /sys/ pseudo filesystem?
|
Thank you very much guys for the enlightening comments, Thank you all specially win32sux and un Spawn.
jschiwal: I am sorry to not answer your question as I will follow the guidlines outlined by the gyus. Here's what I will do: 1. First investigate the use of SNMP 2. If (1) is not possible to implement, I'd go for SELINUX Thanks very much |
As far as I know, you don't need root privileges to read /proc. Anyway, a quite simple method could possibly be to mirror /proc in a chroot jail.
Yves. |
Quote:
Quote:
|
All times are GMT -5. The time now is 10:13 PM. |