I wrote a C program (runas.c) that runs a command as a different user.
The problem I'm having is that the new user's group membership isn't going into
effect. Take the following scenario:
I login as "kirk". I need to run some commands as "spock". kirk and spock belong
to these Unix groups:
Code:
$ groups kirk spock
kirk : human starfleet
spock : vulcan starfleet
$ ls -lR /tmp/.z:
total 16
-rw-rw-r-- 1 kirk human 0 Mar 17 22:37 aa
drwxrwxr-x 2 sarek vulcan 117 Mar 17 22:38 adir
/tmp/.z/adir:
total 0
$ /bin/id
uid=5418(kirk) gid=29(human)
$ runas spock /bin/id
uid=7643(spock) gid=35(vulcan)
$ runas spock /bin/touch /tmp/.z/adir/zz
touch: /tmp/.z/adir/zz cannot create
Even though the runas utility becomes "spock" without any problems, the "touch"
command can't create "/tmp/.z/adir/zz" because for some reason, the OS
still sees kirk's group membership instead of spock's group membership.
The following is a listing of my C program (runas.c)
What changes must I make so that the group membership of the new user
takes effect?
Thanks in advance
--Andrew
Code:
$ cat runas.c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#include <pwd.h>
#include <grp.h>
main(int argc, char *argv[])
{
struct passwd *pw;
struct group *grp;
char *args[argc];
char command[60];
int i;
char user[20];
if (argc >= 3) {
strcpy(user, argv[1]);
strcpy(command, argv[2]);
} else {
exit(1);
}
if (setuid(0) != 0) {
printf("Cannot proceed...This program doesn't have the proper permissions!\n");
exit(2);
}
/* additional security checks go here... */
pw = getpwnam(user); /* get password record for specified user. */
if (pw == NULL)
{
printf("%s is an invalid username.\n", user );
exit(3);
}
i = setreuid(pw->pw_uid, pw->pw_uid); /* become the specified user! */
if (i != 0)
{
printf("setreuid() failed...\n");
exit(5);
}
for (i = 2; i < argc; i++) {
args[i - 2] = (char *)malloc(strlen (argv [i]) * sizeof(char) + 1);
strcpy(args[i - 2], argv[i]);
}
args[argc - 2] = NULL;
execv(command, args);
printf("%s: execv() failed!!!\n\n", argv[0]);
} /* main() */
Last edited by Yogesh Sawant; 03-18-2008 at 09:26 AM..
Reason: added code tags
silly question maybe...
Why didnt you chgrp adir to starfleet since this group is common to both, I would thought it were for such a purpose...
would newgrp be of any use?
thanks for the reply. However, your suggestion only works if all users
belong to a common group. If i wish to run a command as 'billybob' and 'billybob' doesn't belong to 'starfleet' group, I'll still have the same problem.
it shouldn't matter which user owns the directory. The user (target user) I'm running the command as
belongs to the same group that owns the directory, but the OS is not recognizing the
target user's group membership.
Hi,
I am trying to run a command within my KSH script as another user due to permission issues, now both users are non root. I have tried the following command and was unsuccessful:
echo "<password>" | sudo -S -u <username> -k command
Can I use sudo to run a command as a non-root user? (5 Replies)
Hi All,
I have been struggling for a week trying to run a unix command from my java program.
the unix command is:
ssh dmdev3@tsapid01-zt3d01 ':> /t3/envs/dmdev3/test/file_list.txt'
when i try to run this command directly on my unix console, it works perfectly.
but when i try it form... (12 Replies)
Ok, so I know there's a way to do this, but I've been trying to find out all afternoon with no luck. I think it should print out something like this:
1 bin
2 daemon
6 duo
Where the numbers on the left are the number of processes being run by the user whose name is listed on the right. Is... (4 Replies)
Hi,
I have a website that needs to do the following functionality:
On the admin site, a user will enter will enter a datatime. From this, a cronjob (or equivalent) must be created to run "myscript.sh" at that time.
In the php admin page I have this code:
$time = '2010-02-10 15:00:00';... (0 Replies)
Hello Folks,
I have a need to execute certain scripts on a regular basis on a number of (AIX) servers. What I had in mind, is to accomplish this using ssh/rsh, auto login. Initially I developped the script, which can be invoked from one of the AIX servers (by loggin into the first host), and... (4 Replies)
Hi ,
I am working in Sun SOlaris 9 and trying to extract a particular jar file in my home.
I am giving command
"jar xv <filename>"
But it just hangs and does nothing ?
Any pointers why this is happenning ? or how can I see contents of a jar file?
Thanks (2 Replies)
Hi,
Is there any way to invoke a Windows command from Unix ??
For eg: I want to track down a user executing a script and want to send him a message through net send in windows ..
I am able to get the user machines ip ... and since I want my message to be popped up in users screen, wud... (4 Replies)
--------------------------------------------------------------------------------
Hi,
Is there any way to invoke a Windows command from Unix ??
For eg: I want to track down a user executing a script and want to send him a message through net send in windows ..
I am able to get the user... (1 Reply)
Hi,
I have to write a functionality on AIX m/c, in which I have to execute su command from some normal user (other than root).
I have created two users, u1 and u2 and put both the users in same group.
I logged in with user u1 and tried to su to u2 but was not able to do so.
Where as if i... (2 Replies)
