What is good security measure to give normal user some super user power
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
What is good security measure to give normal user some super user power
supposed two normal user share dir in same group. and if root wants to grant those two users power to change group id to group they're sharing, but don't want to give any other power, how can that be achieved?
I thinking place a setuid root shell script that changes group id to group id they're sharing without permission to change the content of the script.
I heard it's security risk. what other safe way to grant normal user to change group id of file and dir but prevents other power?
babbab, i think what you want can be achieved with linux file permissions and sudo.
you should read up on the subject of file permissions, and sudo's documentation.
maybe tldp.org can help.
No I mean I want to give super power to normal user but don't want to give super power to normal user.
I want normal user able to execute script of change group id of file on certain directory only without making any change to the script, so it's very specific power. But I don't want to give any other super power to normal user.
I was thinking setuid of script without write permission, but is it safe?
Do you mean running "chmod +x script.sh" to make a script run with "./script.sh"? You can just have a normal user run that on a shell script, and everything is cool if the script doesn't execute any root commands or edit files that the user can't edit.
No I mean I want to give super power to normal user but don't want to give super power to normal user.
I want normal user able to execute script of change group id of file on certain directory only without making any change to the script, so it's very specific power. But I don't want to give any other super power to normal user.
I was thinking setuid of script without write permission, but is it safe?
Grant either chmod, or chown, or other similar coreutils to the "normal user" using the link I gave you earlier
in the Example
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
