Mailinglist Archive: opensuse (783 mails)

Re: [opensuse] Run command as another user
On 2017-10-02 17:29, Florian Gleixner wrote:
On 02.10.2017 15:02, Paul Groves wrote:


I did not read all, but this solution seems complicated and/or unsafe,
because you have to store bob's password somewhere.

Right.


The "s" bit in chmod does not mean "suid root", it only means "suid". So
bob can do this:

As user? Doesn't he need to be root to do the changes?

cp /usr/bin/id /home/bob/id
chmod u+s /home/bob/id

If alice runs /home/bob/id, then the effective user id (euid) will be bob!

So, how do you manage access to this suid binary? One way can be group
permissions: alice and bob probably share a unix group, and no one else
is a member of this group.
Or you use ACLs. Bob permits execute access to alice:

chmod 4744 /home/bob/id
setfacl -m user:alice:rx /home/bob/id

Check:

getfacl /home/bob/id
# file: /home/bob/id
# owner: bob
# group: users
# flags: s--
user::rwx
user:alice:r-x
group::r--
mask::r-x
other::r--


But really the best way is to get root to edit the sudoers.

But he is not root. He can not edit sudoers.

--
Cheers / Saludos,

Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)
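
The setup discussed in this thread leaves a setuid file owned by an ordinary user in a home directory, with execute access widened by an ACL entry. As an added example (not part of the original mail), here is a shell function an administrator could run to list such files and see who can execute them; audit_suid is a hypothetical name, and the getfacl step is skipped when the acl tools are not installed.

```shell
#!/bin/sh
# audit_suid DIR
# Prints one line per setuid regular file under DIR:
#     <class> <owner> <path>
# class is "world-exec" when the "other" class has the x bit (anyone can run
# the file with the owner's euid, e.g. mode 4755), or "restricted" when only
# the owner, group or named ACL entries can execute it (e.g. mode 4744).
# Named ACL users such as user:alice:r-x are listed underneath, because they
# widen access beyond what the mode bits show.
audit_suid() {
    find "$1" -type f -perm -4000 -print | while IFS= read -r f; do
        # Third field of ls -ld is the owner whose euid the program gets.
        owner=$(ls -ld "$f" | awk '{print $3}')
        # -perm -0001 is true only if "other" may execute.
        if [ -n "$(find "$f" -prune -perm -0001)" ]; then
            class=world-exec
        else
            class=restricted
        fi
        printf '%s %s %s\n' "$class" "$owner" "$f"
        if command -v getfacl >/dev/null 2>&1; then
            # -c omits the header, -p keeps absolute names quiet;
            # '^user:[^:]' keeps named users and skips the owner's user:: line.
            getfacl -cp "$f" 2>/dev/null | grep '^user:[^:]' | sed 's/^/    acl /'
        fi
    done
}
# usage: audit_suid /home
```

A "restricted" line with an acl entry below it corresponds to the chmod 4744 plus setfacl combination shown in the mail.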
