Mailinglist Archive: opensuse (946 mails)

< Previous Next >
Re: [opensuse] Run command as another user
On 29/09/17 14:18, David T-G wrote:
Andrei, et al --

...and then Andrei Borzenkov said...
%
% On Fri, Sep 29, 2017 at 2:44 PM, David T-G <d13@xxxxxxxxxxxxxxx> wrote:
% >
% > Your first step is to get root access,
%
% wrong. Read my earlier reply.

Do you mean the one where you said to compile an SUID binary to call bob's
script? The binary that, while easy to make, requires root to install?
That reply? Or did I miss a reply from you that doesn't involve root
at all?

[I don't think that you were the guy who proposed using expect, which
although not invalid is a lot less optimal than ssh if the latter is
possible., although I'm not going to spend too much digging back through
the thread to confirm.]


HAND

:-D
I believe everyone is getting confused. I do not want root access, nor can I obtain root access. There is a script which is run from a standard user account. I cannot change this in any way, however there is one command in the script which requires sudo / root.

There is one user on this system (which we have named bob for this example). Bob is in the sudoers group so can run sudo commands.

So I was thinking that I could make a small C / C++ program. In the script I could call llike this:
cprogram --user bob --pasword bobspassword

So this c program now has the credentials of Bob. So essentially the C program can authenticate as Bob using his username and password.

Once the C program is authenticated as bob, any command which is run will appear to be running from bob's account. Therefore with Bob's privileges therefore allowing sudo commands to be run (as Bob).

I have written the c++ program up to the last two steps. The bit I am stuck on is executing a command using credentials.

I would normally use; system("command"); to run a command as whichever user executed my program.

But in this case I am looking for something like the following:

char username = "bob";
char password = "bobspassword";
system("command", username, password);

If that makes sense? But I do not think system can do such a thing. Can it?

There must be a way to do this somehow...

Paul

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
List Navigation
Follow Ups