Gentoo Forums
Secure way to allow a non-root user to start a service
Magister Cistiorum
n00b


Joined: 22 Dec 2010
Posts: 14

Posted: Tue Nov 26, 2013 7:48 pm    Post subject: Secure way to allow a non-root user to start a service

There is a PPP network interface configured as a service by creating a symlink `/etc/init.d/net.ppp0` linked to `/etc/init.d/net.lo` and adding a `/etc/conf.d/net.ppp0` config file:

Code:
# cd /etc/init.d
# ln -s net.lo net.ppp0
# cat > /etc/conf.d/net.ppp0 <<DELIM
> link_ppp0='pty "pptp vpn.server.org --nolaunchpppd"'
> username_ppp0='myusername'
> pppd_ppp0='defaultroute lcp-echo-interval 15 lcp-echo-failure 4 updetach'
> metric_ppp0="2"
> mtu_ppp0="1400"
> rc_net_ppp0_need="net.enp2s0"
> DELIM


Trying to start the service as a non-root user without root privileges, I get the following message:

Code:
$ /etc/init.d/net.ppp0 start
net.ppp0      | * net.ppp0: superuser access required


The connection is still not established after that.

I'm wondering what the most secure way is to allow a non-root user to start/stop this server with root privileges. Since `setuid` on scripts (`/etc/init.d/net.lo` is a script) is ignored, the only idea I have is to use `sudo`. Are there other ways, perhaps more secure than using `sudo`, to solve this problem?
mv
Watchman


Joined: 20 Apr 2005
Posts: 6276

Posted: Tue Nov 26, 2013 8:46 pm

Why do you think that sudo is not secure?
The Doctor
Moderator


Joined: 27 Jul 2010
Posts: 2546

Posted: Tue Nov 26, 2013 10:56 pm

If you set up sudo correctly you can easily set it so the only thing it allows is to start that particular script.

I'm also kind of curious what kind of vulnerabilities you think sudo has.
_________________
First things first, but not necessarily in that order.

Apologies if I take a while to respond. I'm currently working on the dematerialization circuit for my blue box.
Anon-E-moose
Advocate


Joined: 23 May 2008
Posts: 3699
Location: Dallas area

Posted: Tue Nov 26, 2013 11:59 pm

As the others have said, sudo can be locked down to only a single app, or it can be a few apps, or wide open.

Sudo is not unsecure unless the person granting permissions allows it to be wide open.
_________________
Asus m5a99fx, FX 8320 - nouveau & radeon, oss4
Acer laptop E5-575, i3-7100u - i965, alsa
---both---
4.14.62 kernel, profile 17.0 (no-pie) amd64-no-multilib
gcc 8.2.0, eudev, openrc, openbox, palemoon
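
The locked-down sudo setup the replies describe, as an added example that is not part of the original thread: a sudoers drop-in that permits only `start` and `stop` of `/etc/init.d/net.ppp0`, with the over-broad forms left commented out for comparison. The account name `vpnuser` and the file name `/etc/sudoers.d/net-ppp0` are assumptions.

```sudoers
# /etc/sudoers.d/net-ppp0
# (hypothetical file name; sudo skips drop-in files whose name contains ".")
# Edit with:  visudo -f /etc/sudoers.d/net-ppp0
# so the syntax is checked before the file is installed.
# "vpnuser" is a placeholder account name, not taken from the thread.

# Too broad: the wildcard matches every init script, and with no
# argument list any arguments are accepted, so the user could start,
# stop or restart any service as root.
#vpnuser ALL = (root) /etc/init.d/*

# Still too broad: the path is exact, but any argument is accepted.
#vpnuser ALL = (root) /etc/init.d/net.ppp0

# Scoped: exact path plus exact argument. Nothing else matches.
Cmnd_Alias PPP0_CTL = /etc/init.d/net.ppp0 start, \
                      /etc/init.d/net.ppp0 stop

# Run these commands with a reset environment rather than the caller's
# (env_reset is sudo's default; stated here so the rule does not depend
# on the rest of the sudoers configuration).
Defaults!PPP0_CTL env_reset

# vpnuser may run the two commands above as root, on any host, and
# must authenticate with their own password (no NOPASSWD tag).
vpnuser ALL = (root) PPP0_CTL
```

The rule is only as tight as the files behind it: `/etc/init.d/net.lo` (the symlink target) and `/etc/conf.d/net.ppp0` are read and executed as root, so they must be writable by root only. `sudo -l -U vpnuser`, run as root, lists what the account is actually allowed to run.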