Linux text editors and permissions

Posted on 2005-03-19
Medium Priority
Last Modified: 2010-04-22
Linux Fedora C2
I have a LAN of some 20 semi-trusted users with very little knowledge, this could be improved if I could give them access to a text editor like "gedit", the trouble is "gedit" has one option too many: the ability to run a command.
These users have RO permission on the files accessible to them but scripts they have permission to use change that permission to RW for selected files.
My question:
with the use of "gedit", is the risk limited to the files mentioned above or is there bigger risks to contemplate?  If so, what are those risks?
Thank you for your help.
Question by:rblampain
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2

Assisted Solution

aromberg earned 600 total points
ID: 13584513
If the users can run a command, then they can theoretically run bash, or any other shell program and escape out.  OpenOffice has a text editor also, and it may be easier for them to learn.
LVL 38

Accepted Solution

wesly_chen earned 900 total points
ID: 13584727

   In addition to OpenOffice (big giant package), you might want to try abiword, which is in Fedora Core 2 CD or
you can do
rpm -ivh http://download.fedora.redhat.com/pub/fedora/linux/core/2/i386/os/Fedora/RPMS/abiword-2.0.5-1.i386.rpm

   If the gedit is not run as root or have SUID bit enable, to run the shell command should be ok since the regular users
have only limited permission/privilege.

   All you need to do is make sure the directory and file permission so they have no permission to overwrite/delete
the files which they suppose not allowed to.

   vi can start another shell or execute a shell command, too.



Author Comment

ID: 13588867
Thank you both. Nobody knows how to fix this, we might have to hire a pro to hack the code when funds permit (we're a NFP).
I'll have a look at "abiword" but I've found a few others suggested to me are further from our specs than "gedit".

Expert Comment

ID: 13588887
if the user doesn't have to have a graphical interface, nano looks to be something where they cannot escape out of it.

Author Comment

ID: 13590996
Thanks to aromberg but the GUI is vital.

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Fine Tune your automatic Updates for Ubuntu / Debian
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question