Re: Explain to me how I do not need root?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Sorry to say needing to run as root in this case is secuirty incompetence. 

First thing you have to be aware of is that Root user does not exist.  Yes you can see it but really from the Linux Kernel point of view it don't exist.

What the Linux kernel sees is a user granted all capabilities that happens to be userid 0 that is root. 

http://linux.die.net/man/7/capabilities  Each of the capabilities can grant to a program a small fragment of the power root has.

Now to use this.  I use setcap program to assign capabilities flags to binaries.  Under debain this tool is hidden way in libcap2-bin.  Little guide to using http://lwn.net/Articles/313047/

Now older command to do the same job was setfcaps  don't try using the next lot to solve problem as such but its contains good instructions when you update setfcaps instructions to setcap instructions to find out what caps an application really required.  http://www.ibm.com/developerworks/library/l-posixcap.html

Be aware there is even a capabilities flag to lie to application that it is userid 0.   There are very few if any programs that should be running as root on a Linux system.






[Index of Archives]     [Gimp for Windows]     [Red Hat]     [Samba]     [Yosemite Camping]     [Graphics Cards]     [Wine Home]

  Powered by Linux