On 02.10.2017 15:02, Paul Groves wrote:
On 30/09/17 00:33, Carlos E. R. wrote:
On 2017-09-29 22:36, David T-G wrote:
The more detail you can give us, the better we can provide ideas :-) He said he wants to do this in C:
system("command", username, password);
Plain simple :-)
I don't know of a way to call a command giving user and password in its command line. Except expect. Or ssh with key pairs, not password. SSH is rather unnecessary as it only needs access to the local machine.
Is there a way of logging into a local shell as a user in C to run the commands?
He is not root, he can not configure sudo. He has sudo access and the target user password. But sudo stops the script and asks for the password. He wants the script to not ask, just provide the password automatically. Exactly! Any method such as expect would store the password in a file in the clear, so it is a security risk. Correct method I think would be ssh and key pairs. The login session can store the password to the keys.
Unless I could save the password as something like an md5 string? Then decrypt that in the C program.
I did not read all, but this solutions seems complicated and/or unsafe, because you have to store bobs password somewhere. The "s" bit in chmod does not mean "suid root", it only means "suid". So bob can do this: cp /usr/bin/id /home/bob/id chmod u+s /home/bob/id If alice runs /home/bob/id, then the effective user id (euid) will be bob! So, how do you manage access to this suid binary? One way can be group permissions: alice and bob probably share a unix group, and no one else is member of this group. Or you use ACLs. Bob permits execute access to alice: chmod 4744 /home/bob/id setfacl -m user:alice:rx /home/bob/id Check: getfacl /home/bob/id # file: /home/bob/id # owner: bob # group: users # flags: s-- user::rwx user:alice:r-x group::r-- mask::r-x other::r-- But really the best way is to get root to edit the sudoers.