Root Privileges at user level

Posted on 2004-11-09
Last Modified: 2010-04-21
I am doing some embedded programming, developing applications in Linux. I have to do some low-level port I/O in my application.

I am using inb/outb commands for which I am using iopl(3) to get access to these ports.

My question is, I am able to do these I/O operations as root and not as a user. Is there any way that my program runs when I log in as a user? I tried setuid(0). It didn't work. I am getting the same segmentation fault.

Any help is appreciated.

Phani Piratla.
Question by: dinkarece

    Author Comment

    I think I solved the problem.

    I su'd to root and then compiled the program
    and then executed
    chmod u+s oct_raw

    and then exited out of the root privileges.

    It works like a charm.....

    Thanks anyways,

    Author Comment


    I think I was still under su and that's the reason it worked. I realized that when I restarted the machine and logged in as a user and then tried to execute that program. Then I realized that it is still not working. Any help is appreciated.

    Thanks. :(
    LVL 16

    Expert Comment


    I believe you have to 'setuid' your program after logging in as root.

    LVL 6

    Expert Comment

    In your original post you state: I am getting the same segmentation fault.

    What segmentation fault, and the same as under what other conditions?

    Basically what you are doing is correct: make the program owned by root and setuid.
    If you do that there is no need to make setuid(0) calls inside your code because the whole program is being run as root.

    Well-behaved programs that are setuid, however, immediately drop as many privileges as possible after being started and only revert back to root-level for the "critical" section. That way you try to reduce the risk of a break-in through your setuid program.
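The privilege drop described in the comment above, applied to the iopl(3) call from the question, as an added example that is not part of the original thread. It goes one step further than the comment by dropping root permanently once the single privileged call is done; it assumes the binary is installed root-owned with `chmod u+s`, and the function names `drop_privileges` and `acquire_ports_then_drop` are hypothetical.

```c
/* Added example: meant to be installed root-owned and setuid (chmod u+s). */
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#if defined(__i386__) || defined(__x86_64__)
#include <sys/io.h>                  /* iopl(), inb(), outb() on x86 Linux */
#else
static int iopl(int level) { (void)level; errno = ENOSYS; return -1; }
#endif

/* Permanently give up root and confirm it cannot be regained.
 * Returns 0 on success, -1 if the process could still become root. */
int drop_privileges(void)
{
    uid_t uid = getuid();            /* real IDs = the user who ran us */
    gid_t gid = getgid();

    if (setgid(gid) != 0) return -1; /* group first: needs root to change */
    if (setuid(uid) != 0) return -1; /* as root: resets real, effective, saved */
    if (getuid() != uid || geteuid() != uid || getegid() != gid) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;  /* a saved root UID survived */
    return 0;
}

/* The one privileged step, then the drop. Returns 0 when port access was
 * granted, -1 when iopl() failed (errno set), -2 when root could not be
 * dropped; the caller must exit in that case. */
int acquire_ports_then_drop(void)
{
    int rc = iopl(3);                /* requires root / CAP_SYS_RAWIO */
    int saved_errno = errno;

    if (drop_privileges() != 0) return -2;
    errno = saved_errno;
    return rc;
}

int main(void)
{
    int rc = acquire_ports_then_drop();

    if (rc == -2) { fputs("could not drop root, aborting\n", stderr); return 2; }
    if (rc != 0)  { perror("iopl"); return 1; }
    printf("I/O privilege level raised; now running as uid %ld\n", (long)getuid());
    /* inb()/outb() work from here on: the I/O privilege level set by
     * iopl(3) stays with the process after the UID change. */
    return 0;
}
```

Run without the setuid bit by an ordinary user, the program reports the iopl failure instead of crashing later on the first inb/outb.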

    Author Comment

    Thank you guys for responding to me.

    I guess I figured out the source of my problem.
    I have a module that I have to load in my setup.

    ./modload 9054

    when I execute the above command as a user, I get the following error.

    mknod: `/dev/plx/Pci9054' : Operation not permitted

    If I execute or su to root, everything is fine.

    This is the problem I was having as a user.  I have the invocation of this command inside my "modload" file. I also see some comments in the file saying that I have to execute this as a root or as a user with root privileges.

    So, can't I not execute mknod as a user?

    Thanks for your response.

    LVL 6

    Accepted Solution

    Most likely in this case is that the /dev directory restricts the rights of non-root users. Which is a good idea by the way! Creating nodes in that subdirectory might trick programs into trusting the underlying devices.

    Generally it is considered normal to execute this sort of stuff (loading modules, creating nodes, etc) as root. After all if you can load a module into the kernel you own the system. You should be root to do that!

    For your actual question: So, can't I not execute mknod as a user?
    You can execute it as a user; it is done on a regular basis, for example when you create named pipes. It does not appear to be possible to create block or char devices when you are a mere user. Why that is I cannot tell straight away, we would need to check the code for mknod :)
