Mailinglist Archive: opensuse (946 mails)

< Previous Next >
Re: [opensuse] Run command as another user


Am 29.09.2017 um 16:56 schrieb Paul Groves:
On 29/09/17 14:18, David T-G wrote:
Andrei, et al --

...and then Andrei Borzenkov said...
%
% On Fri, Sep 29, 2017 at 2:44 PM, David T-G <d13@xxxxxxxxxxxxxxx> wrote:
% >
% > Your first step is to get root access,
%
% wrong. Read my earlier reply.

Do you mean the one where you said to compile an SUID binary to call
bob's
script?  The binary that, while easy to make, requires root to install?
That reply?  Or did I miss a reply from you that doesn't involve root
at all?

[I don't think that you were the guy who proposed using expect, which
although not invalid is a lot less optimal than ssh if the latter is
possible., although I'm not going to spend too much digging back through
the thread to confirm.]


HAND

:-D
I believe everyone is getting confused. I do not want root access, nor
can I obtain root access. There is a script which is run from a standard
user account. I cannot change this in any way, however there is one
command in the script which requires sudo / root.

There is one user on this system (which we have named bob for this
example). Bob is in the sudoers group so can run sudo commands.

So I was thinking that I could make a small C / C++ program. In the
script I could call llike this:
cprogram --user bob --pasword bobspassword

So this c program now has the credentials of Bob. So essentially the C
program can authenticate as Bob using his username and password.

Once the C program is authenticated as bob, any command which is run
will appear to be running from bob's account. Therefore with Bob's
privileges therefore allowing sudo commands to be run (as Bob).

I have written the c++ program up to the last two steps. The bit I am
stuck on is executing a command using credentials.

I would normally use; system("command"); to run a command as whichever
user executed my program.

But in this case I am looking for something like the following:

char username = "bob";
char password = "bobspassword";
system("command", username, password);

If that makes sense? But I do not think system can do such a thing. Can it?

There must be a way to do this somehow...

Paul


Well, no. We're not confused.
We're discussing ways how you can get your program been run under user
"bob". You can 1) use "expect" in a bash-script and then execute your
program from there or 2) create a sudo-exception, log in as root and
then run sudo --user bob as you don't need credentials for another user
as root.

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
List Navigation
Follow Ups