All the applications you can think of that do something on the desktop are available on Unix-like platforms, even Linux. Microsoft Windows is not a Unix-like platform. Linux has many advantages over Windows, but Windows programs are usually much more popular. Windows will run any application. Linux runs just about any application you can imagine.
Linux Applications on Unix-Like Platforms
Out of the box, it’s easy to run any operating system program from the Linux platform. If you’ve used Linux for a while, you’ll know what “putty” (known as “linux” by most users) is. If you’ve never used Linux, what is putty? This is the best terminal program on the Linux platform. However, some people do not like the look of terminal programs.
If you’ve ever installed another program that tries to use the default, Linux-looking terminal programs, you know that you can’t run those programs on your Linux machine. The software to force your terminal programs to use Linux looks like this:
apt-get install getty
The second line, getty, will run a program that requires a GUI or terminals, depending on what you want. You’ll need to add a little and change a little to make it work.
sudo add-apt-repository ppa:ygrek/bsdutils
and
sudo apt-get update
This allows you to install the new version of “getty”. If you don’t trust your own package manager, you’ll need to re-install “getty”. Remember to install the correct version from the two lines above. For the moment, install the “os”, which is simply “wget” without the quotes, and it will work. (Don’t forget to install su as well.)
This command starts up a “getty” and when it exits it exits without even asking you for confirmation. Using it isn’t a new feature. When we first started using Unix, we were forced to use terminal programs. We couldn’t just use the command line. That was the whole point of Unix. Linux (and Linux distributions) allow you to use a GUI if you so desire. If you’ve ever downloaded and installed an RPM package (which is just a package that contains software you use to install and run that package), you’ve used a GUI. Linux uses the RPM package format for things like this. Here is an example of a “getty” that uses a GUI:
You’ll notice that the command line version was a bit longer, but it’s much easier to read. The getty program, shown above, is actually a small utility that operates under Linux. We’ll talk about “su” in a little bit.
The same system commands above can be used to create a specific set of user accounts. Here are some examples:
su createuser john newusers
These are just simple commands, but remember to replace “john” with your name and “newusers” with your personal account. This command creates a new user account called “john” and assigns it a password of “newusers”.
su gpasswd john newusers
This command creates a new group called “newusers” and assigns the password of “john” to it. “john” is a valid user name.
su cpasswd john newusers
This command assigns the password of “john” to the group “newusers” and disables their (administrator) ability to change group memberships.
The reason these commands were written is so that we could run any set of setuid and setgid commands on the same user account. For example, if the administrator of the Linux machine was Joan, we could add her as a member of the group “newusers” without having to enter her password every time we wanted to do that:
Although this means that the user’s privileges will be limited, we can certainly make the same command work for more than one user. That is, let’s add all users except Joan to the “newusers” group:
Now we can run any setuid or setgid command on Joan. The “allow” command will allow Joan to execute the command, but will kill the user account. “gpasswd” will restrict Joan to the group “newusers” while still granting her the privileges of a member of “newusers”.
su gpasswd Joan newusers
This command ensures that Joan cannot create, delete, or move files on the Linux machine or modify the configuration file system.
Summary
Hopefully this tutorial helped you understand and implement various system and security operations of setuid/setgid commands. Each command that we covered in the introduction offers a specific set of privileges, and also proves to be useful in other ways. By applying the commands found in this tutorial to different situations you may end up creating completely new privileges for the system, restricting users to certain roles, and expanding your operational authority.
Any questions?
