Unsolved Using d-bus to start root binary with usr binary
-
@d-rein What do you mean by "root process"? A process running with root privileges?
-
@d-rein said in Using d-bus to start root binary with usr binary:
But is it possible to advise a root process to do something as local user process? Or very complicated?
It's "complicated", unless you know about seteuid() et al. and how to use them :)
I know nothing about "DBusses" :) But if your message is, say, something across a socket connecting two processes, it is "OK" for one process to run as root and the other to run non-root, nothing actually forbids that. Of course, you do have to be careful that if a root process is asked to do something, particularly by a non-root process, the action is "safe". For example, if the root process received a message containing an arbitrary OS command from another process, and the other process sent /bin/rm -fr /, it wouldn't be very good if the root process did execute that...!
-
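The point above about a root process only performing "safe" actions, as an added example that is not part of the original posts or of the poster's project: the privileged side accepts an action name and one validated parameter, never a command line. The JSON message format, the action names and the use of `ip link` are assumptions made for illustration.

```python
import json
import re

# Constructed allowlist: action name -> fixed argv template for the root helper.
# The action names and the choice of `ip link` are assumptions for illustration.
ALLOWED_ACTIONS = {
    "link_up":   ["/sbin/ip", "link", "set", "dev", "{iface}", "up"],
    "link_down": ["/sbin/ip", "link", "set", "dev", "{iface}", "down"],
}
# Linux interface names are at most 15 characters; keep the accepted set narrow.
IFACE_RE = re.compile(r"[a-z][a-z0-9]{0,14}")
MAX_MESSAGE_BYTES = 256


class RejectedRequest(Exception):
    """The message did not match anything the root helper is willing to do."""


def build_argv(raw: bytes) -> list[str]:
    """Map an untrusted message to a fixed argv, or raise RejectedRequest.

    The result is meant for subprocess.run(argv, shell=False), so no shell
    ever parses data that came from the unprivileged client.
    """
    if len(raw) > MAX_MESSAGE_BYTES:
        raise RejectedRequest("message too large")
    try:
        msg = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise RejectedRequest("not valid JSON") from exc
    if not isinstance(msg, dict) or set(msg) != {"action", "iface"}:
        raise RejectedRequest("unexpected fields")
    action, iface = msg["action"], msg["iface"]
    if not isinstance(action, str) or action not in ALLOWED_ACTIONS:
        raise RejectedRequest("unknown action")
    if not isinstance(iface, str) or not IFACE_RE.fullmatch(iface):
        raise RejectedRequest("bad interface name")
    return [part.format(iface=iface) for part in ALLOWED_ACTIONS[action]]


if __name__ == "__main__":
    # Constructed sample messages: one valid, one carrying a raw command.
    for sample in (b'{"action": "link_up", "iface": "eth0"}',
                   b'{"action": "/bin/rm -fr /", "iface": "eth0"}'):
        try:
            print("would run:", build_argv(sample))
        except RejectedRequest as err:
            print("rejected:", err)
```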
@jsulm Yes, on my system I have 15 processes running in parallel. At the moment, if you log into the system you have root. What I have to do is change this so that when a user is logging in he has only user privileges. There is just one process that needs root privileges. The networkmanager. This is the process I have to advise to do something.
-
It's "complicated", unless you know about seteuid() et al. and how to use them :)
No. I don't know anything about it. But this can be changed :-)
And yes, the connection to my system is over a websocket and shall start a non-root process. Actually we already use dbus in our system. But actually every process is started by a root user. So there is no problem, but we want to change all except one to non-root and just allow one process to run with root privs.
-
@d-rein said in Using d-bus to start root binary with usr binary:
But actually every process is started by a root user
How exactly do you start these processes? Do you use systemd?
-
They are binaries
-
-
Yes. Sry
-
@d-rein In that case you can specify the user the process should use in its service file, see https://askubuntu.com/questions/676007/how-do-i-make-my-systemd-service-run-via-specific-user-and-start-on-boot
"You can specify the directives User= and Group= in the [Service] section of the unit file."
-
Thank you.
I have only recently joined my company and have not yet fully integrated into the project. I will ask again about this.