Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 12 years ago.
Improve this question
Is there a way to sandbox a linux process into a certain directory, and give this process exclusive rw access to this dir? For example, create a temporary working directory, and start e.g. python or another scripting tool in such a way that it can only write in this directory, without limiting too much of its functionality. And also that only this process can access read from this directory (except for superusers of course).
I need this to sandbox a web service that basically allows users to run arbitrary code. We currently do authorization in the software itself, but in the end all processes run as one and the same linux user. We would need a way in which a user cannot do any harm on the system, but does have a temporary private working directory to write and read files that is protected from the other users of the webservice.
File permissions are based on owner/group not process so multiple programs run by the same user are going to be able to access owned directories. However if you create a temporary directory for each process before it runs and then chroot() it then no process should be able to get out of its chroot jail to access other directories.
The basic notion is that the temp directory becomes the top of the directory tree as far the process is concerned. The process doesn't know about, nor can it change to, anything above it. Otherwise it can read/write create/delete whatever to its heart's content in its sandbox.
For instance:
/rundir
/rundir/temp1 <-- process 1 chroot jailed here, can't go above
/rundir/temp2 <-- process 2 chroot jailed here, can't go above
See also "man 8 chroot".
in such a way that it can only write
in this directory, without limiting
too much of its functionality.
Wow, this sounds almost magical. Hardly a programming question.
Sounds like you want something like the Linux equivalent of the FreeBSD Jail, or at least something quite similar. This blog posting contains the description of a tool with the same name at least.
You could use a kernel patch like Grsecurity (there are others that could do the job, I think, look for SELinux and AppArmor) to enforce RBAC (role-based access control) for a certain process.
I think using a security enhanced kernel is a must, given your usage scenario.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I have added some environment variable as an export path to bash shell. Unfortuanately, I did it wrong and now I can't login to my account in Ubuntu.
Is it possible to remove these export commands from .bashrc, or can we directly replace this
bashrc to the one defined by the system like default?
I can't login even after entering the correct password, but at the same time I can login through guest account.
This might give some idea about the problem. I got this using Ctrl + Alt + F1 at the login screen.
Last login: Wed Jan 22 13:17:57 CET 2014 on tty1
Welcome to Ubuntu 12.04.4 LTS (GNU/Linux 3.8.0-35-generic x86_64)
* Documentation: https://help.ubuntu.com/
-bash: export: `:': not a valid identifier
-bash: export: `usr/local/SHTOOLS2.8/modules': not a valid identifier
-bash: export: `:': not a valid identifier
-bash: export' `usr/local/SHTOOLS2.8/lib': not a valid identifier
You need to get write access to the misconfigured start script (.bashrc). Can that be achieved via the guest account? I doubt it. Otherwise just edit your file using sudo pico /home/user/.bashrc.
You can always get write access by starting a runtime system from a Ubuntu boot disk. That on-the-fly system which starts then can mount the hard disks so you can then modify the .bashrc in question. I pray you are not using a crypted home directory.
You can also try out whether you can log in to your account via ssh (you need to have an sshd installed and running for that of course). If you can connect but the login stays broken, maybe you can at least execute commands via ssh: ssh user#host date (using date just for testing purposes). If at least this functions, we can start patching your broken script file via commands.
You have two problems:
(1) You need to re-gain system access
(2) You need to fix .bashrc
Solution:
(1) Problem#1:Regaining Access
(1)(a) If there is another user with sudoers permissions (i.e. the user can execute "sudo" to execute commands as root), then have that user log in and you will have access to the system to perform the solution to Problem#2.
(1)(b) if you do not have another user account on the system, you will need to boot from an Ubuntu or other live CD and mount the file system for repair operations to Problem#2. That is outside of the scope of this specific problem, but there are plenty of docs to that effect online.
(2) Problem#2:Repairing .bashrc
(2)(a) The simplest approach is to make a backup copy of .bashrc in your home directory, calling the bad file something like myBadbashrc. Then you can replace the file with a fresh .bashrc from /etc/skel or whereever your particular system gets its new-account template from.
(2)(b) If you don't feel like replacing the above file, you can do edits and continue testing through iterations.
(3) A footnote on .bashrc or other account maintenance. Always test with a TEST account. if you can't do that, then login under another terminal WHILE you are still logged in to make sure things work right. The good news: We have ALL done what you've just done and learned this lesson the hard way. ;-)
--Sam
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I am new to both postgreSQL and Linux. I just installed it and discovered that it creates its own user postgres. This i am pretty sure about because you can even login as this user in the GUI mode in almost all linux distributions(tried for ubuntu and fedora). But you will not find a single directory relating to this user inside the home folder.
cat /etc/passwd | grep /home | cut -d: -f1
try the above to see all of users and you won't have postgres there.
To change password for postgres
switch to root using
su
And use
passwd postgres
to change password and then login at the gui using switch user. The account is fully functional.
But why there is no directory for this user inside the HOME folder?
Please give a full working details of linux and postgresql in the answer.
Thanks in advance!! :)
That there is a dedicated user for PostgreSQL is a security measure, so the DB processes can run with that user's (limited) priviledges instead of running as root.
Whether or not you can actually log on with that user, and what that user's home directory should be, is the decision of the package maintainer / the Linux distribution in question. Since the postgresql user should not be (ab-) used as just another user (with own desktop settings, user data etc.), I wouldn't question the wisdom of not giving it a home, but rather why he is enabled to log in in the first place.
Edit: Being ignorant of the fine print of PostgreSQL, and a bit confused by the wording of your question, I argued the general case. Ignacio pointed out that you had to actually break the system (unlock the user's password with root priviledges) to even be able to log in as postgresql user. So the answer can be phrased even simpler:
The user does not have a directory in /home because you are not supposed to ever log in as that user. It's for running the database processes without root priviledges, nothing else.
(Note that you could, using the same technique, log in as user man, or user lp, or user mail. You could, but it wouldn't make sense, and unlocking those user's passwords actually weakens the security of your system.)
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Suppose I were to set up an ubuntu machine and install some services and software on it. Further suppose I were to set up another stock ubuntu machine, this time without the additional services and software. I know there are ways of creating installation/setup scripts or taking disk images and such to build large numbers of identical machines, but if I were to programmatically take a file-based diff between the installations and migrate all file additions/changes/removals/etc from the fully configured system to the stock system, would I then have two identical, working systems (i.e. a full realization of the 'everything is a file' linux philosophy), or would the newly configured system be left in an inconsistent state because simply transferring files isn't enough? I am excluding hostname references and such in my definitions of identical and inconsistent.
I ask this because I need to create a virtual machine, install a bunch of software, and add a bunch of content to tools like redmine, and in the near future I'm going to have to mirror that onto another vm. I cannot simply take a disk image because the source I receive the second vm from does not give me that sort of access and the vm will have different specs. I also cannot go with an installation script based approach at this point because that will require a lot of overhead, will not account for the added user content, and I won't know everything that is going to be needed on the first vm until it our environment is stable. The approach I asked about above seems to be a roundabout but reasonable way to get things done so long as it its assumptions are theoretically accurate.
Thanks.
Assuming that the two systems are largely identical in terms of hardware (that is, same network cards, video cards, etc), simply copying the files from system A to system V is generally entirely sufficient. In fact, at my workplace we have used exactly this process as a "poor man's P2V" mechanism in a number of successful cases.
If the two systems have different hardware configurations, you may need to make appropriate adjustments on the target system to take this into account.
UUID Mounts
If you have UUID based mounts -- e.g., your /etc/fstab looks like this...
UUID=03b4f2f3-aa5a-4e16-9f1c-57820c2d7a72 /boot ext4 defaults 1 2
...then you will probably need to adjust those identifiers. A good solution is to use label based mounts instead (and set up the appropriate labels, of course).
Network cards
Some distributions record the MAC address of your network card as part of the network configuration and will refuse to configure your NIC if the MAC address is different. Under RHEL-derivatives, simply removing the MAC address from the configuration will take care of this. I don't think this will be an issue under Ubuntu.
I have the same questions as this post
Only that my question is on the Linux platform
I have a directory in my folder
and I don't know which program has created it
Is it possible to know ?
Thanks
Same answer applies, unless the file itself has metadata like some .doc files and such that contains the information you cannot know what created the file (unless you create a kernel module to intercept block requests to create new files and check what application submitted the request but that is probably not what you want to do).
The answer is the same as in the previous question -- generally, no.
However, you can look at the owner and group of this directory; if the program that creates it is a daemon (service) process, it might be running under its own user / group and thus the files / directories created might have those ownerships.
What does this say?
ls -l /path/to/the/directory
The answer is the same as the one for question you linked. Linux doesn't store information about the creator of the file as far as which program did it. But, like the other answer said, you could create a monitor and record that information yourself.
I want to build a web based admin tools that allow the system admin to run pre-configured commands and scripts through a web page (simple and limited webmin), what is the best approach?
I already started with Ubuntu installing LAMP and give the user www-data root's privileges !!!
as I learned (please check the link) this is a really bad move !!!, so how to build such web-based system without the security risk?
cheers
I did something like this a couple of years ago. It was (I like think) fairly secure and only accessible to a limited number of pre-vetted, authenticated users, but it still left me with an uneasy feeling! If you can avoid doing it, I'd recommend you do :)
I had a database sitting between the frontend web-tier and the script which was actually executing actions. The relevant table contained a symbolic command name and an optional numeric argument, which was sufficient for my needs. This allows you to audit what's been executed, provides a quick and dirty way to have a non-www user do things, and means if the website is compromised they're constrained by the DB structure (somewhat) and the script which pulls data from it.
The data from the DB can be read by a daemon running in a separate, unprivileged account. The daemon pulls and sanitises data from the DB and maps the 'command' to an actual executable (with a hard-coded map, so commandA executes A, commandB executes foo, and anything else would get flagged as an error). The account can be locked down using AppArmor (or SELinux, I imagine) to prevent it from executing, reading or writing anything you don't expect it to. Have a system in place to alert you of any errors from either the daemon or AppArmor/SELinux.
The executables which the daemon runs can be setuid'd if appropriate, or you can use the sudoers mechanism to allow the unprivileged account to execute them without a password.
I already started with Ubuntu installing LAMP and give the user www-data root's privileges
Don't do this.
If you really want to execute some very specific scripts under root privileged. Create such predefined very limited scripts, allow their password-less execution with sudo for specific user and then run them via script and don't forget authentication.
Generally this is bad idea.
SSH is your best friend.