Unix and Linux Stack Exchange
Unix and Linux Stack Exchange

Questions tagged [privileges]

239 questions
133
votes
8 answers

Which is the safest way to get root privileges: sudo, su or login?

I would like to have the root account in safety even if my unprivileged user is compromised. On Ubuntu you can only use sudo for "security reasons" by default. However I am not sure it is any safer than just using login on a text-mode console. There…
stribika
  • 5,374
  • 5
  • 30
  • 35
106
votes
2 answers

What does the 's' attribute in file permissions mean?

Please compare the following two lines: -rws---r-x 1 root root 21872 2009-10-13 21:06 prg1 -rwx---r-x 1 root root 21872 2009-10-13 21:06 prg2 Does the setuid bit on prg1, along with the read and execute bits for 'other' mean that any user can…
anders
  • 1,163
  • 2
  • 7
  • 4
86
votes
3 answers

How do the internals of sudo work?

How does sudo work internally? How is it possible that it can become root without having the root password, unlike su? What syscalls, etc. are involved in the process? Is it not a gaping security hole in Linux (e.g. why couldn't I compile a…
strugee
  • 14,723
  • 17
  • 73
  • 119
80
votes
7 answers

Allowing a regular user to listen to a port below 1024

I need to allow a non-root user to run a server listening on port tcp/80. Is there any way to do this?
peoro
  • 3,658
  • 3
  • 32
  • 32
41
votes
2 answers

lsof: WARNING: can't stat() fuse.gvfsd-fuse file system

What exactly is happening here? root@bob-p7-1298c:/# ls -l /tmp/report.csv && lsof | grep "report.csv" -rw-r--r-- 1 mysql mysql 1430 Dec 4 12:34 /tmp/report.csv lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs …
jmunsch
  • 4,166
  • 3
  • 19
  • 29
35
votes
6 answers

What is the safest way for programmatically writing to a file with root privileges?

A huge application needs, at one specific time, to perform a small number of writes to a file which requires root permissions. It is not really a file but a hardware interface which is exposed to Linux as a file. To avoid giving root privileges to…
vsz
  • 547
  • 5
  • 15
28
votes
1 answer

Why does setuid not work?

I want to ensure that my program can only be run by user xyz using root privilege. To do this, I set the setuid bit with: chmod u+s program1.sh ls -l program1.sh rwsr-x--- 1 root house 1299 May 15 23:54 program1.sh Also, I added user xyz to the…
Marcus Thornton
  • 1,091
  • 3
  • 13
  • 16
27
votes
3 answers

What determines which Linux commands require root access?

What determines which Linux commands require root access? I understand the reasons why it is desirable that, say, apt-get should require root privilege; but what distinguishes these commands from the rest? Is it simply a matter of the ownership and…
Brian Dobby
  • 381
  • 1
  • 3
  • 5
27
votes
4 answers

What script could allow regular users to use network namespaces?

I have an architecture using network namespaces (netns). I would like to allow regular users to do some operations in these netns. I could write a script netns-exec.sh, inspired by this post, executed with sudo, containing: ip netns exec $1 su $USER…
Raspbeguy
  • 555
  • 1
  • 5
  • 12
27
votes
1 answer

Allow certain guests to execute certain commands

I would like to create a new user on some of my Debian/Ubuntu hosts that is able to update the server using the commands apt-get update and apt-get dist-upgrade, but I do not wan't to give them full sudo access to be able to do anything else. Is…
Programster
  • 2,157
  • 9
  • 23
  • 35
26
votes
5 answers

why does sudo work on Linux but not Android?

I have not had the chance to read enough about Android, Linux, or UNIX to answer this myself. sudo works on a Linux machine but doesn't work on Android unless you root the mobile device (e.g. Samsung GT-N8013). Why does the mobile device require to…
T. Webster
  • 881
  • 3
  • 11
  • 17
26
votes
3 answers

GID, current, primary, supplementary, effective and real group IDs?

The following links discuss these concepts in different contexts. I have read their definitions, but I still can't tell how they are related, or if some of them are just the same. Current group ID Group ID Primary and supplementary group…
Amelio Vazquez-Reina
  • 40,169
  • 77
  • 197
  • 294
25
votes
1 answer

Why it is possible for normal users to power off computer?

I used the command poweroff and unexpectedly the system went off. I didn't used sudo therefore I didn't expect computer to be turned off. Why it was possible for me to use this command without root privilege?
Amir reza Riahi
  • 803
  • 1
  • 8
  • 20
24
votes
3 answers

Is it possible to run 'unshare -n [program]' as an unprivileged user?

I want to run a program without any internet access, e.g. unshare -n ping 127.0.0.1. As an unprivileged user, it returns Operation not permitted, as a privileged user, it returns the desired Network is unreachable. Is there any way to make it work…
clinei
  • 343
  • 1
  • 2
  • 6
23
votes
8 answers

Which access rights can't the superuser violate?

Fr. Br. George told in one of his lectures (it's in Russian) that there are some access rights that superuser can not violate. That is there are some access right which can forbid superuser doing something. I was not able to find this information on…
Kolyunya
  • 579
  • 2
  • 7
  • 16
1
2 3
15 16