Find the answer to your Linux question:
Results 1 to 5 of 5
Dear All, How can i control the privileges of an executable file ? For example, I have an executable file that i don't want to allow it to read another ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jul 2011
    Posts
    3

    Question Controlling Executable file privileges


    Dear All,

    How can i control the privileges of an executable file ? For example, I have an executable file that i don't want to allow it to read another file or write to it even if it asked to. And i don't want it to connect to a socket. And i don't want it to execute a linux command (using "system(COMMAND_STRING)" for example). I just want it for printf and scanf only.

    How can this be done ?

    Thanks in advance,

  2. #2
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,387
    Possibly with SELinux
    Be aware though, that selinux configuration is not trivial to implement.
    You must always face the curtain with a bow.

  3. #3
    Just Joined!
    Join Date
    Jul 2008
    Posts
    93
    Quote Originally Posted by Omar_Mokhtar View Post
    Dear All,

    How can i control the privileges of an executable file ? For example, I have an executable file that i don't want to allow it to read another file or write to it even if it asked to. And i don't want it to connect to a socket. And i don't want it to execute a linux command (using "system(COMMAND_STRING)" for example). I just want it for printf and scanf only.
    More information needed.
    Where did this executable file come from? Did you create it from source? If so, you can give it only the privileges you want
    If it came from somewhere else ready-built, you don't have nearly as much control over it.

  4. #4
    Linux Enthusiast Mudgen's Avatar
    Join Date
    Feb 2007
    Location
    Virginia
    Posts
    664
    Quote Originally Posted by Irithori View Post
    Possibly with SELinux
    Be aware though, that selinux configuration is not trivial to implement.
    You could almost certainly accomplish your (rather vague) goals with selinux. As Irithori suggests, this is not for the faint hearted.

    Short of that, if the goals can be narrowed and more clearly defined, you might be able to get what you want with a chroot wrapper and/or setuid/setgid perms on the executable, coupled with ownership/perm settings on the target objects.

  5. #5
    Just Joined!
    Join Date
    Dec 2009
    Location
    California
    Posts
    98
    I think what you want would be to execute this program in a chroot'd environment. You can search for bind or ftp chroot to see how this is done.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •