Non root user access to /dev/mem


 
# 8  
Old 08-09-2018
The instructions are pretty clear in that doc you added:

Quote:
Before running Perceptive Content Server as a non-root user on a shadowed system, you need to configure Role Based Access Control (RBAC) or an Access Control List (ACL).

If your Linux distributor offers RBAC as a supported package or embeds it into the Linux Kernel, you can use the configuration options detailed in the following sections of this document. Otherwise, to achieve rootless authentication, you need to download a third party RBAC kernel module from a trusted source.

Verify that the RBAC kernel provides the roles necessary to read your shadowed passwd file, and can provide read access to /dev/mem. While you can grant ACL read privileges to /etc/shadow, a kernel module/patch is required to grant read privileges to /dev/mem and cannot be granted with ACL privileges alone.

If you are unable to locate a trustable source or you are concerned about security issues with downloading a third party RBAC kernel module, you can use the built in security features of Perceptive Content to release root privileges and run as another user after server initialization. To use these built in security features, you need to configure daemons to run on a non-root user account.

Did you verify your Linux kernel has been built to permit RBAC per the instructions?
# 9  
Old 08-09-2018
Yes, just now I realized a point I missed: "to run as a daemon".
One more help, according to the guide -

Quote:
Start Perceptive Content as a non-root user

There are security risks with running Perceptive Content under your root user account. Linux and UNIX systems always start at the root user level. To start Perceptive Content as a non-root user, complete the following steps.

Prerequisite: Configure your Role Based Access Control (RBAC) or Access Control List (ACL), or configure daemons to run on a non-root user account.

1. When you install Perceptive Content, change the ownership of all files to <username>:bin, where <username> is the user you want as the owner instead of root. The following example changes the ownership of all files to the user imgnow.

   chown -R imgnow:bin ./inserver

2. In the rc.local/init.d startup script, run the daemons as the user you created. In the examples in this guide, the user is imgnow.

How do I run the daemons as the non-root user? What changes do I have to make in rc.local/init.d?
# 10  
Old 08-09-2018
Quote:
Originally Posted by Soumyadip Dutta
Yes, just now I realized a point I missed: "to run as a daemon".
One more help, according to the guide -

How do I run the daemons as the non-root user? What changes do I have to make in rc.local/init.d?

I suggest you search the forums for "how to start daemons" or similar searches.

That's a pretty basic question that was probably asked 10 years ago.
# 11  
Old 08-09-2018
HINT:

Most software packages have a command line option to start the program as a daemon process and also a flag for what userid to run as.

Example:

Code:
/usr/local/bin/myprogram  -D -u myUserID

Or something like that.

Just read the docs on the app you are trying to run.

HINT2:

Visit your directory /etc/rc.d and read the startup files in there.
# 12  
Old 08-09-2018
HINT3:

Here is a file from a Linux server:

Code:
root@www:/etc/rc.d/init.d# ls
monitorix
root@www:/etc/rc.d/init.d# cat monito*
#!/bin/bash
#
#	/etc/rc.d/init.d/monitorix
#
# Starts the Monitorix daemon
#
# chkconfig: 2345 99 10
# description: Monitorix is a lightweight system monitoring tool
# processname: monitorix
# config: /etc/monitorix.conf
# pidfile: /var/run/monitorix.pid

### BEGIN INIT INFO
# Provides:          monitorix
# Required-Start:    $local_fs
# Required-Stop:     $local_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start up the Monitorix daemon
# Description:       Monitorix is a free, open source, lightweight system
#                    monitoring tool designed to monitor as many services and
#                    system resources as possible.
### END INIT INFO

# Source function library
. /etc/init.d/functions

if [ -f /etc/sysconfig/monitorix -a $UID -eq 0 ]; then
	. /etc/sysconfig/monitorix
fi

RETVAL=0
PROG="monitorix"
DAEMON="/usr/bin/monitorix"
PIDFILE="/var/run/monitorix.pid"
CONF="/etc/monitorix.conf"

start() {
	if [ ! -f /var/lock/subsys/$PROG ] ; then
		echo -n $"Starting $PROG: "
		daemon $DAEMON -c $CONF -p $PIDFILE $OPTIONS && success || failure
		RETVAL=$?
		if [ $RETVAL -eq 0 ] ; then
			touch /var/lock/subsys/$PROG
			echo
		fi
	fi
}

stop() {
	echo -n $"Stopping $PROG: "
	killproc $PROG
	RETVAL=$?
	rm -f /var/lock/subsys/$PROG
	rm -f $PIDFILE
	echo
}

restart() {
	stop
	start
}

case "$1" in
	start)
		start
		;;
	stop)
		stop
		;;
	restart)
		restart
		;;
	condrestart)
		if [ -f /var/lock/subsys/$PROG ] ; then
			restart
		fi
		;;
	status)
        	status $PROG
		;;
	*)
		echo $"Usage: $0 {start|stop|restart|condrestart|status}"
		exit 1
esac

exit $RETVAL

Reading the files on your Linux server will provide you with a vast amount of knowledge.
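One way to wire the guide's two steps (chown the install tree, then run the daemon as that user) into a root-run startup script, as an added example that is not part of any post in this thread or of the vendor guide. The function names `foreign_files` and `start_as`, and the `SVC_USER`, `SVC_HOME` and `mydaemon` names in the closing comment, are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the thread or the vendor guide): helpers for an
# init.d/rc.local script that starts a daemon as an unprivileged account.

# List files under DIR that are NOT owned by numeric UID.
# An empty result means the "chown -R <user>:bin" step covered the whole tree.
foreign_files() {            # usage: foreign_files DIR UID
    find "$1" ! -user "$2" -print
}

# Run CMD... as USER, refusing setups that would defeat the point.
# Returns 2: unknown account, 3: account resolves to uid 0,
#         4: DIR missing or holds files not owned by USER,
#         5: caller is neither root nor USER, so it cannot switch identity.
# Otherwise returns the exit status of CMD.
start_as() {                 # usage: start_as USER DIR CMD...
    local user=$1 dir=$2 uid
    shift 2
    uid=$(id -u "$user" 2>/dev/null) || return 2
    [ "$uid" -ne 0 ] || return 3
    [ -d "$dir" ] || return 4
    [ -z "$(foreign_files "$dir" "$uid")" ] || return 4
    if [ "$(id -u)" -eq 0 ]; then
        # Boot-time case: init runs the script as root, so drop privileges
        # before the daemon starts (runuser is part of util-linux).
        runuser -u "$user" -- "$@"
    elif [ "$(id -u)" -eq "$uid" ]; then
        "$@"                 # already running as the service account
    else
        return 5
    fi
}

# Hypothetical call from the init script's start() function:
#   SVC_USER=imgnow SVC_HOME=/opt/inserver        # assumed values
#   start_as "$SVC_USER" "$SVC_HOME" "$SVC_HOME/bin/mydaemon" &
```

On Red Hat-style systems, the `daemon` function from /etc/init.d/functions that the Monitorix script above calls also accepts `--user=<name>` for the same purpose.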
# 13  
Old 08-09-2018
Yes a great help indeed!!
Thanks a lot Neo!!
# 14  
Old 08-09-2018
This stuff is really easy if you just slow down a bit and read the instructions.

It's hard to believe, I know.. but it's actually faster to do it slower, LOL