On Thu, Oct 19, 2000 at 10:53:05AM +1100, Jill Rowling wrote:
> What method do people prefer when wanting a program to run as a particular
> user?
> Examples:
> At startup time, in init.d I might want to run a script as user
> "blah"
At startup you should _always_ use su. There is no reason to use setuid
and it's just likely to introduce security holes.
> Or I want to run a program as user "blah" where "blah" has less
> privileges than my normal user account.
The problem with using setuid for programs which aren't built for it is
that you often introduce security holes of some form.
> (Thinks of easily broken things like X and Netscape, hehe)
eg, if you setuid Netscape, then it's going to be fairly trivial for
someone else to get access to that account - simply because Netscape isn't
written to be setuid.
If you must use setuid, try and use some method to make sure that nobody
who doesn't need to can run the program. eg, if you're on a single user
home machine there might be no need to do anything, otherwise you might
need to play with groups to make it so that only certain people can run
that binary.
> Which is preferable?
> Are there other ways of doing it?
Of course, this is Unix so there's always other ways to do it :)
One way that springs to mind is sudo. This will give you some flexability
on what can be run, who can run them, and what is needed in the way of
passwords (eg, password of the user running it, password of the user you're
going to run the program as, no password, etc).
As a rule, setuid is evil and should be avoided at all cost.
On a sort of aside here, lots of people running Unix boxes at home
(particularly with a single user) do things the "wrong" (note the quotes!)
way, with the excuse that it doesn't matter on such a small setup.
If you've got any intention of ever using your home experience for any
further good, be that commercially, for charity, or ever just helping a
friend I'd really suggest you try and do things one of the "right" ways.
Good habits are good to learn early, and bad habits are hard to get out
of. Using setuid might work fine on your single box at home, but it's
just not going to cut it in a commercial environment.
Scott.
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
