Steve's random ramblings and technical notes

Tuesday, December 07, 2004

Running Linux Apps w/o becoming Root

Pulled from the ntop FAQ, but applicable to any Linux app. I used this trick to run iftop without having to su every time I logged in.
Q. How can I run ntop without being root?
A. A very simple way of doing this is:
  • su
  • chown root ntop
  • chgrp root ntop
  • chmod 6111 ntop
  • exit
This makes ntop read-only for everyone and sets the setuid and setgid bits.
Do not forget to use the -u flag so that ntop changes user as soon as it is started.
Understand that setting the setuid and setgid bits allows ANY user to run ntop and it will run with ROOT privileges. This is very powerful, and often a source of security exposure - many system hardening scripts and recommendations tell you to look for and remove the setuid and setgid bits.
DO NOT suid UNLESS YOU UNDERSTAND THE RISKS!
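
The kind of check those hardening scripts perform, as an added example that is not part of the ntop FAQ or of this post: it lists every setuid/setgid file under a directory and can strip the bits. The function names and the scratch files in the demo are constructed for illustration; in the `ls -ld` output, mode 6111 appears as `---s--s--x`.

```shell
#!/bin/sh
# Added example: audit a directory tree for setuid/setgid files.
# list_suid, strip_suid and demo are names chosen for this sketch.

# list_suid DIR: print an `ls -ld` line for every regular file under DIR
# that has the setuid (4000) or setgid (2000) bit set.
list_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ld {} +
}

# strip_suid DIR: remove both bits from every such file and print
# the path of each file that was changed.
strip_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec chmod u-s,g-s {} \; -print
}

# Demo on a constructed scratch directory, so nothing on the real
# system is modified. ntop-copy stands in for a binary given mode 6111.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/ntop-copy";  chmod 6111 "$d/ntop-copy"
    : > "$d/plain-tool"; chmod 0755 "$d/plain-tool"
    echo "before:";   list_suid "$d"
    echo "stripped:"; strip_suid "$d"
    echo "after:";    list_suid "$d"
    rm -rf "$d"
}

demo
```

To review a real system, point `list_suid` at a directory such as `/usr` and compare the output with the binaries you expect to be privileged before stripping anything.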