I want a user-privileged (not root) process to launch new processes as user nobody. I've tried a straight call to setuid that fails with -1 EPERM on Ubuntu 8.04:
#include <sys/types.h>
#include <unistd.h>
int main() {
setuid(65534);
while (1);
return 0;
}
How should I do this instead?
You will require assistance and a lot of trust from your system administrator. Ordinary users are not able to run the executable of their choice on behalf on other users, period.
She may add your application to /etc/sudoers with proper settings and you'll be able to run it as with sudo -u nobody. This will work for both scripts and binary executables.
Another option is that she will do chown nobody and chmod +s on your binary executable and you'll be able to execute it directly. This task must be repeated each time your executable changes.
This could also work for scripts if you'll create a tiny helper executable which simply does exec("/home/you/bin/your-application"). This executable can be made suid-nobody (see above) and you may freely modify your-application.
As far as I know, you can't unless you're root or have sudo set up to allow you to switch users. Or, you can have your executable have the suid bit set up on it, and have it owned by nobody. But that requires root access too.
The 'nobody' user is still a user. I'm not sure what your reasoning is in having the program run as nobody, it's not going to be adding any additional security. You're more likely to open yourself to other problems.
I'd follow squadette's recommendation of using a helper application.
calife is an alternative to sudo.
Calife is small program that enable a UNIX system administrator to become root (or another user) on his/her machines without giving the root password but his/her own.
I ran across the setuid-sandbox project today while reading LWN, which does what I'm looking for the proper way.
Related
I'm trying to create a program that determines when a program would run on a Linux system given the path to it's executable without needing root privileges, or scanning /proc/. The reason I don't want to use root privilege is because my program should only look for processes launched by the user that ran it, so I don't see why it should require escalated privilege.
I'm currently periodically scanning /proc/ as I've failed to find any other solution that satisfies my requirements, but it's a very slow way to go about things. The only other solutions that I've come up with are to use the proc connector which I really don't want to do since that requires root, or to use X11's CreateNotify which I also don't want to do since I want this program to run on Wayland as well.
I have a program that should not be ran as root because it does things based on the name of the user among other things. However, there is a possibility that I would need to write a file that is (and should be) just writable as root.
What I could do, but would rather not, is write the file to some temporary file, and then (system "sudo mv /tmp/myfile /destination/myfile"). That would have sudo ask for the password, move the file as root, and then the program would keep running as a normal user. If the user cannot sudo he should not be using the program so that doesn't really matter.
I would like to just be able to write the file from the program without having temporary files though, is there any way to do this?
Read carefully about setuid executables (this is how sudo or su or login works). Read credentials(7), capabilities(7), execve(2), setreuid(2). Read also Advanced Linux Programming.
But be careful. You can introduce security holes or vulnerabilities.
BTW, sudo (or super) could be configured to avoid asking any password (but doing that might be unwise).
I need to create a directory in /var/log using a C program which does NOT run with superuser rights.
This linked question didn't help me!
I understand that the file permissions of /var/log does not allow us to write in it nor do I want to change it.
I use mkdir() to create the directory which fails for obvious reasons.
So, is it possible for a normal (with no root rights) C program to create a directory in /var/log?
My goal: To create a directory using a C program in /var/log without changing the parent's file permission. Should I run my program as root? But I would prefer not to.
Kindly help.
TIA
You cannot programmatically overturn the filesystem's access control.
What you could try to do instead is to use an existing logging mechanism that is provided by the system. For example, journald that comes with systemd allows for per-user logging.
If your program runs as a user, it should only use the user's home directory to store files, wether it being configuration or logging. Think about it this way: What happens if several users want to use your program at the same time?
If your program really is a system daemon, have a look at other software that runs under their own user. They could either have their own logging directory be prepared by the init script that calles them (running the daemon itself as a different user), or they purge their priviledges during startup. An example is httpd, which needs root priviledges to listen on port 80.
I have a written a C program that creates a file "abcd.txt" and write some data into it. I was executing my code by logging with a username"bobby" and so the file abcd.txt was created with owner as bobby.
But my task is, even though I execute my code with some username "bobby", the file should always be created with owner as root. Can someone help me by saying how this could possible?
As a general principle you need your effective uid (euid to be root) either when you are are writing the file or when you perform a chown(2) on the file.
If you are doing this under Linux then there are linux specific methods that you can use.
Generic Solution
Without availability of sudo
This is the old UNIX DAC approach, it's fraught with peril. It assumes that you do not have something like sudo installed or cannot install it.
Your executable should be owned by root and have the executables setuid bit set.
Process
You should use seteuid () to drop your privileges from root to bobby for most of the operation, including writing. When you are done, bring your privilege level back up to root using seteuid(0) and perform a chown() (or fchown on the fd) on the file to change its ownership to root.
some basic safety
For safety set it up so that your executable is owned by root:safegrp where 'safegrp' is name of a group unique to users who are allowed to execute this file (add bobby to safegrp) ; and ensure that the setuid executable's mode is 4510 ;
With availability of sudo
If sudo is available on your system then follow the same process as above for dealing with privileges within the executable but DO NOT set the file mode to setuid, have safegrp added to sudoers for this executable and now bobby can run it with sudo /your/bin/prog
Linux specific solution
POSIX.1e
It is possible to have tighter control over the file use POSIX.1e capabilities support. In your case you wish to grant SYS_CHOWN to your program;
For security reasons, I would probably set that up as a COMPLETELY separate binary or a sub process and still use sudo and perform appropriate dropping of privileges.
linuxacl[ACL Using Access Control Lists on Linux] has excellent tutorial on this topic
SE-Linux
You can use Mandatory Access Control to limit the access to such a dangerous binary but SE linux is a pain to configure :^) although a possibly a good approach
You probably don't want to run your program as root, unless you really have to. Perhaps run "chown" from a shell script after running your program? Or, you can use chown(2) from a program running as root (or with equivalent capabilities, on linux).
Use the chown() method. There are probably more authoritative links, but this one is nice since it includes the calls to getpwnam(). I've done all of this in the past, but unfortunately I don't still have the code (it's owned by IBM).
http://manpages.courier-mta.org/htmlman2/chown.2.html
I need to write a C program that will allow me to read/write files that are owned by root. However, I can only run the code under another user. I have the root password, but there are no "sudo" or "su" commands on the system, so I have no way of accessing the root account (there are practically no shell commands whatsoever, actually). I don't know a whole lot about UNIX permissions, so I don't know whether or not it is actually possible to do this without exploiting the system in some way or running a program owned by root itself (with +s or whatever). Any advice?
Thanks!
P.S. No, this isn't anything malicious, this is on an iPhone.
Under the UNIX permissions system, you need to run a file owned by root itself that's marked setuid-root (+s, as you said) or communicate with some process that is already running as root.
If there is no such file, you are out of luck.
You can do this with setting suid bit to application, but if you want from this c application run a some shell this was be runned on local user if you do it normally this is security system.
However you can read/write/execute files owned by root, but if your user is not in group of file your target file must have setted read/write/execute on last 3 bits or when your user is in file owner group you must check/apply this to 3 bits in middle position. (3 first bits setting permission to owner but this may not by a usable information for you).
If you dont have any access to root account. Then if group and other user permissions dont access functions as you must have, you can't do with this anything except trying get some prilveaged user for access this file. In other cases you can do some fixes in file access permissions but not from this system, you must get hard drive from this device and attach to other to change it or load on this device some live system to change this. However you can do this on privleaged system not on this.
More information about SUID bits you can find at:
http://www.codecoffee.com/tipsforlinux/articles/028.html
http://www.everyjoe.com/newlinuxuser/explain-what-is-setuid-and-setgid/
The iPhone SDK doesn't allow this. Your application is sandboxed and it is not allowed to go outside of that sandbox except in very specific ways provided by Apple. The only way to do this on an iPhone is to jailbreak it.