UNIX for Advanced & Expert Users

Hi All,

I have to install an application which needs access to system BIOS information.
The application needs to be installed by non root user.
How would i grant read privileges of /dev/mem file to the non root user so that it can capture system BIOS information while running the application?
Using Linux OS.

Kindly assist.

It would be more secure to copy the data from a secure area (on root has access) to a non secure area (where the not root user has access) and then permit the non root user to access the data.

As far a /dev/mem goes, I recommend you only copy the data that the non root user needs to access for the task.

It would be a huge security violation to permit not root users to access /dev/mem.

Cheers.

Hi Neo,

Thanks for the suggestion but its a vendor application ( binary file ) which cannot be modified to read the /dev/mem information from a different path.

Regards

------ Post updated at 01:26 PM ------

Also the vendor is suggesting to use the below command to grant privilege -

Code:

usermod -K defaultpriv=basic,file_dac_read <non root user>

But i cant find -K option for usermod command. It says invalid option.
Is there any alternate command or option to grant the same rights to the non root user like above?

Thanks in advance!!

I would not use usermod for this. It's not secure to permit users access to /dev/mem.

That is a total violation of the Linux kernel security model, having user processes access memory directly with using the root level system calls.

Who is the vendor and what is the product they are attempting to use in this insecure mode?

I agree with you.
Vendor is Hyland and the product is Perceptive Content 7.1 ( formerly known as Imagenow ).

Keeping aside the data/security violations, if we need to test if it working or not how do we achieve that? Can you help with the right commands ?

I checked the docs for this app (attached), and there is no requirement anywhere in the doc for the Linux server side app to need to modify users to permit root access to kernel memory.

The main reason anyone would be trying to get you to do this is that they have set up the system "wrong" and have a permissions (access) problem, which is typical of less experienced sys admins.

Then, instead of solving the core problem (a file permissions issue or incorrect user setup, etc), they are asking you to grant a user root access to kernel memory.

This is a terrible idea.

You need to get to Hyland's system programmers and let them help you solve this problem, because the Hyland techs working with you now do not seem to understand how to troubleshoot a permissions issues on their app.

Do you have root access to this Linux machine?

Sure, the development team from Hyland is working on the same.
They have given the best practice guide to follow ( attached ).

Link - https://docs.hyland.com/ImageNow/en_..._Guide_7.0.pdf