this post was submitted on 02 Nov 2023
33 points (90.2% liked)

Linux

47952 readers
1138 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Run command as not-root

Hi everyone

At work, I have to run a command in an AWS instance. In that particular instance only exists the root user. The command should not be executed with root privileges (it executes mpirun, which is not recommended to run as sudo or the machine might break), so I was wondering if there is a way to block or disable the sudo privileges while the command is running. As mentioned, the only user existing there is root, so I suppose "sudo -u" is not an option.

Does anyone know how to do it? Thanks in advance!

@linux

you are viewing a single comment's thread
view the rest of the comments
[–] astraeus 15 points 1 year ago (6 children)

There are no other users at all? Seems like a lot of stuff simply wouldn’t work without a single non-root user, not to mention this is a pretty bad security stance considering the only user is the most powerful one.

If you do have another user on the instance you can su as that other user, nobody for example, from the root account. Run ‘cat /etc/passwd’ and you will see every available user on the instance.

[–] [email protected] 2 points 1 year ago (2 children)

@astraeus yep, completely agree on the security issues, that is a mistake that should be fixed. But for the moment I confirmed that root is the only user, and every file and program in the instance can only be used by root (I just created a new user and tried to run the command with su -c but got a lot of permission denials and command not found)
If I could hide or disable my own sudo permissions that would save me a lot of work, but I'm starting to think that something like that doesn't exist 🙁

[–] astraeus 4 points 1 year ago (2 children)

Unfortunately hiding sudo from root would lead to much greater issues. You can remove sudo privileges from a non-root user, but I don’t think there’s a feasible way to do so for root.

Does your new user have a proper shell setup? If you type bash in the new user’s terminal does it give you anything?

[–] [email protected] 3 points 1 year ago (1 children)

If everything on the machine is owned by root and does not provide global read or execute permissions then a new user would not be able to access it without being in the root group. Assuming the files have group permissions set at all anyways.

[–] astraeus 1 points 1 year ago

It’s nothing but root all the way down

[–] [email protected] 1 points 1 year ago

@astraeus yes, the new user has bash and all the gnu utils, but not access to some files or the tools needed to run the command I want (it uses python and postgres). I can configure all of that but I really wanted to skip all that work lol. But looks like the security concerns are greater that my lazyness so I'll start setting the system correctly so the new user can execute what I want

[–] [email protected] 3 points 1 year ago

I don't think you understand what root is. By definition it has those permissions because it's root.

load more comments (3 replies)