https://stackoverflow.com/questions/22907594
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianInsmod requires superuser privilege because inserting a kernel module modifies the operating system kernel. The module will be able to read and write any memory within the system, read or modify any file on disk, change permissions, ownership of any resources, etc.
And generally these are the sorts of the things that are protected by the superuser privilege: ability to bypass access controls on memory, files and other resources, and to perform various administrative tasks needed to operate the system (and that might render the system insecure or unusable if allowed to a malicious user).
In linux, it is possible to configure the system in such a way that there is not in fact a single superuser, but a series of granular capabilities that each can be granted to individual users (indeed this is how it is modeled in the kernel source code: one does not check whether the current UID is zero, one checks whether the current user has the "change-ownership" capability [CAP_CHOWN]). In the huge majority of deployed linux systems, the system is configured with a single all-or-nothing superuser privilege (i.e. whether the calling user has an effective user ID of 0).
The single superuser privilege (EUID == 0) was the traditional model used in Unix from the earliest days, though there have been a number of implementations that provided more granular privileges.
Modifying files outside your home directory is one use, although it is possible to own files in places other than one's home directory, and it is possible for other users to own files within your home directory.
