Mailinglist Archive: opensuse (783 mails)

< Previous Next >
Re: [opensuse] Run command as another user
On 02.10.2017 15:02, Paul Groves wrote:

On 30/09/17 00:33, Carlos E. R. wrote:
On 2017-09-29 22:36, David T-G wrote:

The more detail you can give us, the better we can provide ideas :-)
He said he wants to do this in C:

system("command", username, password);

Plain simple :-)


I don't know of a way to call a command giving user and password in its
command line. Except expect. Or ssh with key pairs, not password.
SSH is rather unnecessary as it only needs access to the local machine.

Is there a way of logging into a local shell as a user in C to run the
commands?
He is not root, he can not configure sudo. He has sudo access and the
target user password. But sudo stops the script and asks for the
password. He wants the script to not ask, just provide the password
automatically.
Exactly!
Any method such as expect would store the password in a file in the
clear, so it is a security risk. Correct method I think would be ssh and
key pairs. The login session can store the password to the keys.

Unless I could save the password as something like an md5 string? Then
decrypt that in the C program.



I did not read all, but this solutions seems complicated and/or unsafe,
because you have to store bobs password somewhere.

The "s" bit in chmod does not mean "suid root", it only means "suid". So
bob can do this:

cp /usr/bin/id /home/bob/id
chmod u+s /home/bob/id

If alice runs /home/bob/id, then the effective user id (euid) will be bob!

So, how do you manage access to this suid binary? One way can be group
permissions: alice and bob probably share a unix group, and no one else
is member of this group.
Or you use ACLs. Bob permits execute access to alice:

chmod 4744 /home/bob/id
setfacl -m user:alice:rx /home/bob/id

Check:

getfacl /home/bob/id
# file: /home/bob/id
# owner: bob
# group: users
# flags: s--
user::rwx
user:alice:r-x
group::r--
mask::r-x
other::r--


But really the best way is to get root to edit the sudoers.


< Previous Next >
List Navigation
Follow Ups
References