
So I have a NodeJS app with a node module called linux-user; it just provides an API to view / change Linux users through JavaScript. In my app I just have it scanning and outputting what the userid is and the username for the Linux host. I want to put this file into production, but it requires the JavaScript file to be run as root. However, I don't want someone to tamper with it without the proper permissions, but it should still be able to run without running the app as root when I call it. What is the process to change the ownership of this file?

The file must do this:

  • Execute without needing root.
  • Can only be edited with sudo.
InitEnabler
  • looks like you're making a gun to be able to shoot off your own leg. – user3159253 Dec 03 '15 at 02:47
  • the question is: do you *really* care about security and "transferability" of your solution to other linux hosts? If yes, do you know target distributions for your product? Or maybe you need a "localhost" or "localnet" hack to be used here and now, w/o any global plans? – user3159253 Dec 03 '15 at 02:55
  • Well, the script (The script that I'm making just checks if the sent username is in the database, and this is only checked if it passes another check with the password and username. The script is just going to be used for sessions.) doesn't touch the client in any way. The only way that someone can tamper with that specific file (to my knowledge) is internal. If the intruder already has your password and username, you're already screwed and he / she won't need a script to tamper with your server. – InitEnabler Dec 03 '15 at 03:10
  • Actually I found another library that is more secure, `usersid`; I don't even have to use sudo to run the script. Also it has a more trimmed-down feature set. – InitEnabler Dec 03 '15 at 03:32

1 Answer

Probably not the best idea to give the script root user permission. This can do a lot of damage potentially. However, considering this is what you want to do, you need to change the owner to root and then set permission in a way so that only owner has write+execute permission.

In order to change the owner to root:

sudo chown root <filename>

Then you need to set the permission so that no one else can execute it by:

sudo chmod 740 <filename>

740 = Owner can read, write, execute; users in the same group can read; rest of the users can't read, write nor execute.

tanjir
  • This script will run as root only if the script engine runs as root. In this case it doesn't matter if end users could see the content of the script, unless it contains some sensitive information like passwords etc. Hopefully, it does not. – user3159253 Dec 03 '15 at 02:54
  • Right. I don't know what he wants to do.. But seems like he wouldn't want others to see either. In that case, permission could be set in appropriate level.. :) – tanjir Dec 03 '15 at 02:58
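
A check for the two requirements in the question, as an added example that is not from the original post or answer: it reads a file's mode and owner, reports which requirement a given `chmod` value breaks, and also checks the parent directory, since write access there allows replacing the file. The function names and the optional trusted-UID argument (default 0, root) are assumptions of this example.

```shell
# Added example (constructed): audit a script against the question's two goals.

# mode_findings MODE OWNER_UID [TRUSTED_UID]
# MODE is the octal mode as stat prints it (e.g. 740); TRUSTED_UID defaults to
# 0 (root). Prints one line per problem and nothing when the mode is fine.
mode_findings() {
    mf_bits=$((0$1)); mf_owner=$2; mf_trusted=${3:-0}
    [ "$mf_owner" -eq "$mf_trusted" ] ||
        echo "owner is uid $mf_owner, not $mf_trusted: that user can edit or chmod the file"
    [ $((mf_bits & 0022)) -eq 0 ] ||
        echo "group or other has write permission"
    [ $((mf_bits & 0004)) -ne 0 ] ||
        echo "other users cannot read it, so 'node <file>' fails for them"
    [ $((mf_bits & 0001)) -ne 0 ] ||
        echo "other users cannot execute it directly (./<file>)"
    return 0
}

# dir_findings MODE OWNER_UID [TRUSTED_UID]
# Write access to the directory allows renaming or deleting the file and
# putting another in its place, unless the sticky bit (01000) is set.
dir_findings() {
    df_bits=$((0$1)); df_owner=$2; df_trusted=${3:-0}
    [ "$df_owner" -eq "$df_trusted" ] ||
        echo "directory owner is uid $df_owner: that user can replace the file"
    if [ $((df_bits & 0022)) -ne 0 ] && [ $((df_bits & 01000)) -eq 0 ]; then
        echo "directory is group/other writable: the file can be replaced"
    fi
    return 0
}

# print_meta PATH: prints "MODE UID" (GNU stat first, BSD stat as fallback).
print_meta() {
    stat -c '%a %u' -- "$1" 2>/dev/null || stat -f '%Lp %u' -- "$1"
}

# audit_script FILE [TRUSTED_UID]: status 0 only when nothing is reported.
audit_script() {
    [ -e "$1" ] || { echo "no such file: $1"; return 2; }
    as_out=$(
        mode_findings $(print_meta "$1") "${2:-0}"
        dir_findings $(print_meta "$(dirname -- "$1")") "${2:-0}"
    )
    [ -z "$as_out" ] && return 0
    printf '%s\n' "$as_out"
    return 1
}

[ $# -eq 0 ] || audit_script "$@"
```

None of these bits changes which user the code runs as: as the first comment on the answer says, the script has root privileges only when the interpreter itself is started as root.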