Re: setuid root (i think)


From: James Zuelow (e5z8652@zuelow.net)
Date: Tue Jun 17 2003 - 22:34:40 AKDT


On Tue, 17 Jun 2003, Justin Dieters wrote:

>
> I use 'kdesu -c <command>' for this type of problem. It's the program
> that will ask you for the root password and then run <command> as root.
> It's a KDE tool, but I believe there is a counterpart for gnome as well.
> I use it with blackbox, so you don't necessarily have to use KDE for
> it to work.

Sounds like "KDE's su"

You should find su and sudo installed on just about any system, even
minimal base installs.

You can use su to temporarily assume root's identity (or any other user on
the system). `su -c` will run a command as root. See `man su`. On some
systems, notably many BSD flavors, you must be a member of the wheel group
in order to su to root. This isn't as common on Linux boxes but may be
something to watch out for.

Many people prefer sudo, as it is a bit more granular. You can specify
which users can run which commands as root, and even specify some commands
that require a password and others that don't. So for example, user joe
can run pppon without supplying the password, user james must supply the
password first, and user guest cannot run pppon at all. See `man sudo`.

Alternatively, many commands that deal with devices such as /dev/ttyS0
will run as a normal user, but run into problems when the devices
themselves are accessible only by root. Look at the error message and see
if pppon is running, but complaining that it cannot open the serial device
to talk to the modem. If that is the case, then you can set appropriate
permissions on the device. For example, you may already have a "dialout"
group installed on your machine with read/write rights to the serial
device. Adding users to the dialout group lets them open & close the
modem connection.

Finally, if you REALLY need to set the pppon script setuid root, you can
try (as root) `chmod 4555 pppon` - the key there is the 4. (man chmod).
However IMHO it would be better to use a group method similar to above,
and try a `chmod 4550 pppon`, and add trusted users to a group with rights
to the pppon script. Remember that if you set pppon to be setuid root, it
will run as root regardless of who initiates it. So if there is a problem
with the script...

Cheers,

James
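
An added example, not part of the original message: a shell check that tells apart the two modes mentioned above (4555 and 4550) by who is allowed to execute the setuid file. The file is a constructed stand-in created in a temporary directory, and `classify_setuid` and `demo` are names chosen for this example.

```shell
#!/bin/sh
# classify_setuid FILE prints one of:
#   not-setuid    no setuid bit
#   setuid-world  setuid and executable by "other"        (e.g. 4555)
#   setuid-group  setuid, group-executable, not by other  (e.g. 4550)
#   setuid-owner  setuid, executable by the owner only
classify_setuid() {
    f=$1
    [ -f "$f" ] || { echo "missing"; return 1; }
    # find -perm -MODE matches only when every bit in MODE is set (POSIX).
    if [ -z "$(find "$f" -perm -4000)" ]; then
        echo "not-setuid"
    elif [ -n "$(find "$f" -perm -0001)" ]; then
        echo "setuid-world"
    elif [ -n "$(find "$f" -perm -0010)" ]; then
        echo "setuid-group"
    else
        echo "setuid-owner"
    fi
}

# Apply the modes from the message to a constructed file and classify each.
demo() {
    tmp=$(mktemp -d) || return 1
    f="$tmp/pppon"                 # stand-in file, not a real pppon script
    printf '#!/bin/sh\n' > "$f"
    chmod 0755 "$f"; a=$(classify_setuid "$f")
    chmod 4555 "$f"; b=$(classify_setuid "$f")
    chmod 4550 "$f"; c=$(classify_setuid "$f")
    rm -rf "$tmp"
    echo "$a $b $c"
}

demo
```

With mode 4550 only the owner and members of the file's group can start the program, so the set of users who can reach root through it is the group membership list. Linux kernels ignore the setuid bit on interpreted (`#!`) scripts, so there the bit only takes effect on a compiled binary.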
