
Root Privileges at user level

I am doing some embedded programming, developing applications in Linux. I have to do some low-level port I/O in my application.

I am using inb/outb commands for which I am using iopl(3) to get access to these ports.

My question is, I am able to do these I/O operations as root and not as a user. Is there any way that my program runs when I log in as a user? I tried setuid(0). It didn't work. I am getting the same segmentation fault.

Any help is appreciated.

Phani Piratla.
dinkarece (Author) Commented:
I think I solved the problem.

I su'd to root and then compiled the program
and then executed
chmod u+s oct_raw

and then exit out of the root privileges.

It works like charm.....

Thanks anyways,
dinkarece (Author) Commented:

I think I was still under su and that's the reason it worked. I realized that when I restarted the machine and logged in as a user and then tried to execute that program. Then I realized that it is still not working. Any help is appreciated.

Thanks. :(

I believe you have to 'setuid' your program after logging in as root.


In your original post you state: I am getting the same segmentation fault.

What segmentation fault, and the same as under what other conditions?

Basically what you are doing is correct: make the program owned by root and setuid.
If you do that there is no need to make setuid(0) calls inside your code because the whole program is being run as root.

Well-behaved programs that are setuid however immediately drop as many privileges as possible after being started and only revert back to root-level for the "critical" section. That way you try to reduce the risk of a break-in through your setuid program.
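Added example (not part of the original thread, and not the poster's oct_raw code): a setuid-root program that performs the privileged iopl(3) call once at startup and then permanently returns to the invoking user's IDs. It assumes Linux and a binary installed root-owned with chmod u+s; the function name drop_privileges is hypothetical.

```c
/* Added example: take I/O port access as root, then drop root for good. */
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#if defined(__i386__) || defined(__x86_64__)
#include <sys/io.h>            /* iopl(), inb(), outb() exist only on x86 */
#define HAVE_IOPL 1
#endif

/* Permanently return to the invoking user's IDs. 0 on success, -1 on failure. */
int drop_privileges(void)
{
    uid_t ruid = getuid();     /* real UID: the user who started the program */
    gid_t rgid = getgid();

    /* Group first: once the UID is dropped the GID can no longer be changed. */
    if (setregid(rgid, rgid) != 0) return -1;
    /* On Linux, setting the real UID here also resets the saved set-user-ID. */
    if (setreuid(ruid, ruid) != 0) return -1;

    /* Verify: an ordinary user must not be able to get root back. */
    if (ruid != 0 && (seteuid(0) == 0 || setuid(0) == 0)) return -1;
    if (geteuid() != ruid || getegid() != rgid) return -1;
    return 0;
}

int main(void)
{
#ifdef HAVE_IOPL
    /* Privileged step (needs root / CAP_SYS_RAWIO): done once, at startup. */
    if (iopl(3) != 0) { perror("iopl"); return 1; }
#endif
    if (drop_privileges() != 0) {
        fprintf(stderr, "could not drop privileges, refusing to continue\n");
        return 1;
    }
    /* From here on the process runs with the caller's UID/GID; the I/O
       privilege level obtained above stays in effect for inb()/outb(). */
    printf("running as uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```

Always check the return values of the set*id calls: a setuid program that continues after a failed drop keeps running as root.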
dinkarece (Author) Commented:
Thank you guys for responding to me.

I guess I figured out the source of my problem.
I have a module that I have to load in my setup.

./modload 9054

when I execute the above command as a user, I get the following error.

mknod: `/dev/plx/Pci9054' : Operation not permitted

If I execute or su to root, everything is fine.

This is the problem I was having as a user.  I have the invocation of this command inside my "modload" file. I also see some comments in the file saying that I have to execute this as a root or as a user with root privileges.

So, can't I not execute mknod as a user?

Thanks for your response.

Most likely in this case the /dev directory restricts the rights of non-root users. Which is a good idea by the way! Creating nodes in that subdirectory might trick programs into trusting the underlying devices.

Generally it is considered normal to execute this sort of stuff (loading modules, creating nodes, etc) as root. After all if you can load a module into the kernel you own the system. You should be root to do that!

For your actual question: So, can't I not execute mknod as a user?
You can execute it as a user; it is done on a regular basis, for example when you create named pipes. It does not appear to be possible to create block or char devices when you are a mere user. Why that is I cannot tell straight away, we would need to check the code for mknod :)
