Hmmm wasn't thinking very hard when I wrote that mail...

On  0, "Eric G. Miller" <egm2@jps.net> wrote:
> On Wed, May 15, 2002 at 04:31:09PM +0930, Tom Cook wrote:
> > On  0, Alberto Cabello Sanchez <[EMAIL PROTECTED]> wrote:
> > > As far as I know, you can't. I think you have to setuid() and exec() in
> > > a, say, C compiled program.
> > 
> > No, that's when you want to do it the other way around.
> 
> No. 'Cause if you don't have the privilege already, a call to
> setuid won't give it to you.  But, you can give up privilege.

If you have to setuid and exec to achieve what you want, then what you
are trying to do is become root, which is not what the OP was trying
to achieve.  The process he is running is already root and wants to
become him.  Therefore I say, no, that's when you want to do it the
other way around.

> > If you are root and want to run it as someone else, then:
> > su -c <cmd>
> > 
> > will do it without asking for a passwd.
> 
> If you're root, and want to run the command as another user, you
> have to specify which user.  That is what the OP wanted to do.

You are correct.  I should have written:

su $MY_USER_ID -c <cmd>

> > If you are not root and want to run it as root, then:
> > 
> >  * Use one of the setuid script wrappers around.  I don't know of any
> >    off the top of my head, but they must be around.
> >
> >  * Write your own setuid script wrapper in C.  It's not hard - it goes
> >    something like this:
> > 
> > #include <unistd.h>
> > int main( int argc, char** argv )
> > {
> >     execve( argv[0], argv[1] );
> >     return 0;
> > }
> > 
> > chown root setuidscriptwrapper
> > chmod u+sx setuidscriptwrapper
> > 
> > or something of that order.  Control *very* closely who has permission
> > to run this script.
> 
> Lucky for you, your wrapper won't compile.  Semantically, it'd invoke
> endless recursion anyway.  All around, this is a bad idea.  You might as
> well remove the root password.

Yes, this was not well thought out, and was significantly divergent
from what the original poster wanted anyway so I don't know why I went
into it.

However, you are not entirely correct.  This does, in fact, compile,
with the exception of the typo of execve for execv.  It also, funnily
enough, doesn't loop infinitely, which makes me think that the execv
call is just failing.  I am Interested, but not enough to figure out
Why.

Tom
-- 
Tom Cook
Information Technology Services, The University of Adelaide

"Beware of computer programmers that carry screwdrivers."
        - Leonard Brandwein

Get my GPG public key: 
https://pinky.its.adelaide.edu.au/~tkcook/tom.cook-at-adelaide.edu.au
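
The case this thread settles on (a process that is already root giving up privilege to run a command as another user), as an added example that is not part of the original message or written by anyone in the thread. The names drop_to and run_as are hypothetical, numeric uid/gid are taken instead of a user name, and the group list is reduced to the single target gid (an assumption; a real tool would call initgroups()).

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1  /* exposes setgroups() on glibc */
#endif
#include <grp.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently drop to uid/gid.  Order matters: groups, then gid, then uid,
 * because once the uid is no longer 0 the other two calls are refused. */
int drop_to(uid_t uid, gid_t gid)
{
    /* Only root may replace the supplementary group list; a non-root
     * caller has no extra privilege there to shed. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop is irreversible: regaining root must fail. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return (getuid() == uid && geteuid() == uid &&
            getgid() == gid && getegid() == gid) ? 0 : -1;
}

/* Fork, drop privilege in the child, exec argv there; return its exit code. */
int run_as(uid_t uid, gid_t gid, char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_to(uid, gid) != 0)
            _exit(126);        /* refuse to run with leftover privilege */
        execv(argv[0], argv);  /* argv[0] is a full path; argv ends in NULL */
        _exit(127);            /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(int argc, char **argv)
{
    /* Usage (as root): ./runas UID GID /full/path/to/cmd [args...] */
    if (argc < 4) return 2;
    return run_as((uid_t)atoi(argv[1]), (gid_t)atoi(argv[2]), &argv[3]);
}
```

Unlike the setuid wrapper quoted above, this binary is installed without the setuid bit: it only ever lowers privilege, so running it as an ordinary user gains nothing.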
