So I'm curious about something, and I haven't been able to find any documentation on it with a round of Googling. What's the generally-recommended method for elevating privileges on Linux?
I'm sure it varies from distro to distro, but say the user is working in a GUI app (launched as a normal user), and that GUI app needs to write to a location that only root can write to. What should the developer do? Spawn a setuid-root helper process? Is there an API for this sort of thing in most distros? I haven't found any documentation on this specific problem.
Privilege elevation on Linux
Moderator: Thanas
- Durandal
- Bile-Driven Hate Machine
- Posts: 17927
- Joined: 2002-07-03 06:26pm
- Location: Silicon Valley, CA
Damien Sorresso
"Ever see what them computa bitchez do to numbas? It ain't natural. Numbas ain't supposed to be code, they supposed to quantify shit."
- The Onion
I read about PolicyKit on Ars a short while ago, and that may end up being the standardized method for fine-grained, secure privilege escalation. Other than that, though, I think you may well be limited to a helper process and then using IPC. HAL and NetworkManager do that, IIRC.
Admin tools on GNOME generally use gksudo to either launch a helper or relaunch themselves, asking for the root password and running w/ root privileges. Another option would be to add the user to a group and make the file restricted to that group if it's not important that write access be restricted.
ah.....the path to happiness is revision of dreams and not fulfillment... -SWPIGWANG
Sufficient Googling is indistinguishable from knowledge -somebody
Anything worth the cost of a missile, which can be located on the battlefield, will be shot at with missiles. If the US military is involved, then things, which are not worth the cost if a missile will also be shot at with missiles. -Sea Skimmer
George Bush makes freedom sound like a giant robot that breaks down a lot. -Darth Raptor
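The helper-process approach raised in the posts above, as an added example that is not part of the thread: a minimal setuid-root helper in C that accepts only a bare file name, opens the target under one fixed directory while privileged, then permanently drops root before reading any caller data. The directory `/etc/exampleapp` and all function names are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

#define CONF_DIR "/etc/exampleapp"   /* assumed root-only directory */

/* Accept a bare file name only: no '/', no leading '.', short, safe charset. */
int valid_name(const char *n)
{
    size_t len = strlen(n);
    if (len == 0 || len > 64 || n[0] == '.')
        return 0;
    return strspn(n, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
                     "0123456789._-") == len;
}

/* Open the target relative to a directory fd, refusing a symlinked target. */
int open_target(int dirfd, const char *name)
{
    if (!valid_name(name)) return -1;
    return openat(dirfd, name, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644);
}

/* Permanently give up root: group first, then user. If root can be
 * regained afterwards, the drop did not stick and is reported as failure. */
int drop_privileges(void)
{
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
        return -1;
    if (getuid() != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    char buf[4096];
    ssize_t n;
    if (argc != 2) return 2;
    int dirfd = open(CONF_DIR, O_RDONLY | O_DIRECTORY);
    int fd = dirfd < 0 ? -1 : open_target(dirfd, argv[1]);
    /* The only privileged step is done; drop root before touching input. */
    if (drop_privileges() != 0 || fd < 0)
        return 1;
    while ((n = read(STDIN_FILENO, buf, sizeof buf)) > 0)
        if (write(fd, buf, (size_t)n) != n)
            return 1;
    return n < 0 ? 1 : 0;
}
```

The GUI process stays unprivileged and pipes the new file contents to the helper's stdin; the helper never receives a path, only a name it checks itself.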
It's probably best to use the GUI implementations of su/sudo like gksudo or gksu, since then you don't have to bother asking the password yourself (which is liable to introduce security holes).
- Chris OFarrell
- Durandal's Bitch
- Posts: 5724
- Joined: 2002-08-02 07:57pm
A big question is going to be how often this program is going to be needing to do its operations it needs to be root. If it's one or two times, and it only is doing minor stuff as root, that it just has to be root because of the security model, then by all means have something like the GUI sudo stuff, or spawning a child that can do it.
But if it's going to be doing a LOT of work as the super user, then you might consider making the program only something a high level user can run...