I am in the process of developing a daemon and a user application which will talk to the daemon over a UNIX domain socket to send commands, get status information, etc. The user application will be run by non-root users with the setuid bit set so that it will have an effective uid of root, which will allow it to access resources requiring root privileges. Most files, sockets, and devices (ttys, etc.) require root privileges to access them through the file and ioctl system calls. I do not want to run with raised privileges all the time during runtime since it is not secure and frowned upon.
My question, since I have not been able to find anything in books or on the Internet, is: is there a comprehensive list of system calls and resources that need root privileges to access? I know the resources I am using need raised privileges since I can verify that by debugging with/without the setuid bit set for a given executable, but I am just curious if there is a compiled list somewhere outlining when you do and when you do not need raised privileges to access resources.
An ioctl does not require raised privileges per se. A given device might be restricted to special privileges, but that doesn't mean your program needs to be run as root:
On a traditional Linux system, privilege authorization is handled via file permissions (mostly: group memberships).
Consider accessing a webcam, which shows up as /dev/video3:

$ ls -l /dev/video3
crw-rw----+ 1 root video 81, 0 Dec 2 09:21 /dev/video3
So this device can be read/written by root and any user belonging to the video group.
So it is enough if the user of a program that wants to control /dev/video3 is a member of the video group.
Note: "user" need not be a human user; it can also be a system user whose sole purpose is to run a given daemon.
If this is too coarse (e.g. you want to grant a given user access to /dev/video3 but not /dev/video0; but by default both are writable by the video group), it is easy enough to set up udev rules that will grant more specific permissions for individual devices.
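The following is an added example, not code from the question or the answer. It shows in C the two halves of the answer's point: first, the owner/group/other mode-bit check the kernel applies when a process opens a device node such as /dev/video3 (so you can see that membership of the device's group, not an effective uid of root, is what grants access), and second, how a setuid-root program gives up root permanently after whatever privileged setup it needs. The gid 44 for the video group and the uid 1000 in the comments and test are constructed values; the check models plain mode bits only, not the POSIX ACL that the '+' in the answer's ls -l output indicates, and not capabilities.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <grp.h>
#include <sys/types.h>
#include <sys/stat.h>

#define WANT_READ  1
#define WANT_WRITE 2

/* Discretionary permission check as the kernel applies it to a device node:
 * exactly one class of bits (owner, group or other) is consulted, chosen by
 * the caller's uid and group list; uid 0 bypasses the check altogether
 * (CAP_DAC_OVERRIDE). POSIX ACLs (the '+' in ls -l) are not modelled.
 * Returns 1 if access is allowed, 0 otherwise. */
int mode_allows(mode_t mode, uid_t owner, gid_t group,
                uid_t uid, const gid_t *gids, size_t ngids, int want)
{
    mode_t r, w;
    if (uid == 0)
        return 1;
    if (uid == owner) {
        r = mode & S_IRUSR; w = mode & S_IWUSR;
    } else {
        int in_group = 0;                    /* e.g. gid 44 "video" (constructed) */
        for (size_t i = 0; i < ngids; i++)
            if (gids[i] == group) { in_group = 1; break; }
        r = mode & (in_group ? S_IRGRP : S_IROTH);
        w = mode & (in_group ? S_IWGRP : S_IWOTH);
    }
    if ((want & WANT_READ) && !r) return 0;
    if ((want & WANT_WRITE) && !w) return 0;
    return 1;
}

/* Evaluate a real path for the calling process's *real* uid and its group
 * list, i.e. what the invoking user could do without any setuid help.
 * Returns 1 (allowed), 0 (denied) or -1 (stat/getgroups failed). */
int can_access_path(const char *path, int want)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    int n = getgroups(0, NULL);              /* number of supplementary groups */
    if (n < 0)
        return -1;
    gid_t *gids = malloc(((size_t)n + 1) * sizeof *gids);
    if (gids == NULL)
        return -1;
    gids[0] = getgid();                      /* primary gid may be absent from the list */
    if (n > 0 && getgroups(n, gids + 1) < 0) {
        free(gids);
        return -1;
    }
    int ok = mode_allows(st.st_mode, st.st_uid, st.st_gid,
                         getuid(), gids, (size_t)n + 1, want);
    free(gids);
    return ok;
}

/* Permanently give up a setuid-root identity once privileged setup is done:
 * clear supplementary groups while still root, then set gid before uid (the
 * reverse order would leave the process unable to change its gid). As root,
 * setgid()/setuid() replace real, effective and saved ids, so the change is
 * irreversible; the probe at the end confirms that. Returns 0 on success,
 * -1 on failure. When the program is not setuid the call is a harmless no-op. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (ruid != 0 && geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(rgid) != 0)
        return -1;
    if (setuid(ruid) != 0)
        return -1;
    if (ruid != 0 && setuid(0) == 0)         /* must fail: root is gone for good */
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/dev/video3";   /* device from the answer */
    if (drop_privileges() != 0) {
        perror("drop_privileges");
        return 1;
    }
    int rc = can_access_path(path, WANT_READ | WANT_WRITE);
    if (rc < 0)
        perror(path);
    else
        printf("%s: read/write %s for uid %u\n", path,
               rc ? "allowed" : "denied", (unsigned)getuid());
    return rc == 1 ? 0 : 1;
}
```

Run it as the user who will use the device (with or without the setuid bit) to see whether group membership alone is enough; in a real daemon, drop_privileges() belongs right after the privileged steps (binding the socket, opening the device) and before any input from the unprivileged side is handled.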