I've created an app that also uses the TPM for signing/encryption/decryption (with the tss2-fapi library), but I am a newbie when it comes to Linux (Ubuntu) permissions. Now, when I am running the app, I always have to run it like this:
sudo ./tpmProjectApp
Running the app like this does not create any problems.
I want any logged-in user (also with limited permissions) to be able to run this executable, but I don't want him to communicate with the TPM in any other way.
So I was wondering, is there any way for a user to be able to run this application without needing to use sudo?
I have tried assigning the executable to root with:
sudo chown root ./tpmProjectApp
and set the setuid bit (also tried g+s):
sudo chmod u+s tpmProjectApp
The permissions then looked like this:
-rwsrwsrwx 1 root root 713608 apr 14 16:02 tpmProjectApp*
but then when I run ./tpmProjectApp I get errors that normally I don't.
E.g. Key P_RSA2048SHA256/HS/SRK/myRsaKey not found. But I know that the key exists, because the app works if I run it as sudo. I think that assigning root permissions to this executable could be less pain than trying to modify TPM files, if the problem is there.
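An added example, not part of the original post: a small check that decodes the `ls -l` mode field quoted above and reports the bits that matter for a root-owned executable. The function names `parse_ls_mode` and `audit_mode` are hypothetical, and the second sample line is constructed for comparison.

```python
import stat

# Permission bit for each of the nine rwx positions in an `ls -l` mode string.
PLAIN = [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
         stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
         stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]
# Execute positions can also carry setuid, setgid or the sticky bit.
SPECIAL = {2: ("sS", stat.S_ISUID), 5: ("sS", stat.S_ISGID), 8: ("tT", stat.S_ISVTX)}


def parse_ls_mode(ls_line):
    """Return the permission bits encoded in the first field of an `ls -l` line."""
    perms = ls_line.split()[0][1:10]
    if len(perms) != 9:
        raise ValueError("not an ls -l mode field: %r" % ls_line)
    mode = 0
    for i, ch in enumerate(perms):
        if ch == "-":
            continue
        if i in SPECIAL and ch in SPECIAL[i][0]:
            mode |= SPECIAL[i][1]
            if ch.islower():        # lowercase s/t: execute bit is set as well
                mode |= PLAIN[i]
        elif ch == "rwx"[i % 3]:
            mode |= PLAIN[i]
        else:
            raise ValueError("unexpected %r at position %d" % (ch, i + 1))
    return mode


def audit_mode(mode):
    """List the properties of a mode that matter for a privileged executable."""
    checks = [(stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"),
              (stat.S_IWGRP, "group-writable"), (stat.S_IWOTH, "world-writable")]
    return [name for bit, name in checks if mode & bit]


if __name__ == "__main__":
    samples = [
        "-rwsrwsrwx 1 root root 713608 apr 14 16:02 tpmProjectApp*",  # line from the post
        "-rwsr-xr-x 1 root root 713608 apr 14 16:02 tpmProjectApp*",  # constructed: owner-only write
    ]
    for line in samples:
        mode = parse_ls_mode(line)
        print(oct(mode), audit_mode(mode))
```

The mode in the post decodes to 6777: setuid and setgid are both set and the file is writable by group and others, whereas a privileged binary should be writable only by its owner.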