Post 302176292 by Andrewkl on Tuesday 18th of March 2008 02:44:04 AM
Running a Unix command as a different user

hi,

I wrote a C program (runas.c) that runs a command as a different user.
The problem I'm having is that the new user's group membership isn't going into
effect. Take the following scenario:

I log in as "kirk". I need to run some commands as "spock". kirk and spock belong
to these Unix groups:

Code:
$ groups kirk spock
  kirk :  human starfleet
  spock : vulcan starfleet
  
$ ls -lR /tmp/.z:
  total 16
  -rw-rw-r--   1 kirk    human             0 Mar 17 22:37 aa
  drwxrwxr-x   2 sarek   vulcan          117 Mar 17 22:38 adir
  
  /tmp/.z/adir:
  total 0

$ /bin/id
  uid=5418(kirk) gid=29(human)

$ runas spock /bin/id
  uid=7643(spock) gid=35(vulcan)

$ runas spock /bin/touch /tmp/.z/adir/zz
  touch: /tmp/.z/adir/zz cannot create

Even though the runas utility becomes "spock" without any problems, the "touch"
command can't create "/tmp/.z/adir/zz" because for some reason, the OS
still sees kirk's group membership instead of spock's group membership.

The following is a listing of my C program (runas.c)
What changes must I make so that the group membership of the new user
takes effect?

Thanks in advance
--Andrew

Code:
$ cat runas.c

     #include <stdio.h>
     #include <stdlib.h>      /* exit(), malloc() */
     #include <string.h>      /* strlen(), strcpy() */
     #include <sys/types.h>
     #include <unistd.h>
     #include <pwd.h>
     #include <grp.h>
     
     int main(int argc, char *argv[])
     {
         struct passwd *pw;
         struct group *grp;
         char *args[argc];
         char *command;
         char *user;
         int i;
         
         if (argc >= 3) {
             /* point at argv directly; copying into fixed-size buffers could overflow */
             user = argv[1];
             command = argv[2];
         } else {
             exit(1);
         }
         
         if (setuid(0) != 0) {
             printf("Cannot proceed...This program doesn't have the proper permissions!\n");
             exit(2);
         }
         
         /* additional security checks go here... */
         
         pw = getpwnam(user);          /* get password record for specified user. */
         if (pw == NULL)
            {
             printf("%s is an invalid username.\n", user );
             exit(3);
            }
         
         /* become the specified user (uid only; gid and supplementary groups are not changed) */
         i = setreuid(pw->pw_uid, pw->pw_uid);
         if (i != 0) 
            {
             printf("setreuid() failed...\n");
             exit(5);
            }
         
         /* build the argument vector for the command: argv[2..] plus a NULL terminator */
         for (i = 2; i < argc; i++)  {    
              args[i - 2] = (char *)malloc(strlen (argv [i]) * sizeof(char) + 1); 
              if (args[i - 2] == NULL)
                  exit(4);
              strcpy(args[i - 2], argv[i]);     
         }
         args[argc - 2] = NULL;
          
         execv(command, args);         /* only returns on failure */
         printf("%s: execv() failed!!!\n\n", argv[0]);
         return 6;
     
     } /* main() */


Last edited by Yogesh Sawant; 03-18-2008 at 09:26 AM.. Reason: added code tags
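
An added example, not part of the original post or the poster's program: the program above changes only the uid, so the process keeps kirk's primary and supplementary groups. The sketch below switches the supplementary groups, the gid and then the uid, and verifies the result before exec; the function names `become_user` and `ids_match` are hypothetical, and it assumes the binary starts with effective uid 0.

```c
#define _DEFAULT_SOURCE          /* exposes initgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 if the real and effective uid/gid all equal the given ids. */
int ids_match(uid_t uid, gid_t gid)
{
    return getuid() == uid && geteuid() == uid &&
           getgid() == gid && getegid() == gid;
}

/* Permanently become `user`. Returns 0 on success, -1 on any failure;
 * after a failure the credentials may be half-switched, so the caller
 * must exit instead of running the command. */
int become_user(const char *user)
{
    struct passwd *pw = getpwnam(user);

    if (pw == NULL)
        return -1;                                   /* unknown user */
    /* Order matters: the group calls need root, so they must run
     * before setuid() gives root up. */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||  /* supplementary groups */
        setgid(pw->pw_gid) != 0 ||                   /* real/effective/saved gid */
        setuid(pw->pw_uid) != 0)                     /* real/effective/saved uid */
        return -1;
    /* Verify the switch took effect and root cannot be regained. */
    if (!ids_match(pw->pw_uid, pw->pw_gid))
        return -1;
    if (pw->pw_uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(int argc, char *argv[])
{
    if (argc < 3 || become_user(argv[1]) != 0) {
        fprintf(stderr, "usage: runas user /path/to/command [args]\n");
        return 1;
    }
    execv(argv[2], &argv[2]);    /* argv is already NULL-terminated */
    perror("execv");
    return 127;
}
```

Run with the setup from the post, `id -a` (or `groups`) executed through this version should list spock's groups rather than kirk's.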
 
