View previous topic :: View next topic |
Author |
Message |
ragnwald n00b
Joined: 20 Dec 2002 Posts: 43 Location: Stockholm
|
Posted: Mon Jan 27, 2003 4:47 pm Post subject: I want the program running as root |
|
|
Hello.
I have a little problem. I made a program in C that has to be run as root to be able to work properly, and I want to be able to communicate with that program from php, therefore the apache-user must be able to run the program as root.
The binfile is owned by root, and I got the tip to use chmod 4755 (or u+s) to make it run as root. It didn't work, but the exact same program worked at his computer, with another dist. Does anyone know what's wrong?
Some days later I wrote another program that used the parallellport, that also had to be run as root, but on that program it worked....... really strange.. |
|
Back to top |
|
|
jukka Apprentice
Joined: 06 Jun 2002 Posts: 249 Location: Zurich, Switzerland
|
Posted: Tue Jan 28, 2003 5:50 am Post subject: Re: I want the program running as root |
|
|
ragnwald wrote: | It didn't work |
make sure to set the effective user id to the saved user id in your c program before doing anything you need root privileges for, e.g. setuid(geteuid()). if the file is owned by root and the suid bit is set, it should work... |
|
Back to top |
|
|
ragnwald n00b
Joined: 20 Dec 2002 Posts: 43 Location: Stockholm
|
Posted: Mon Feb 17, 2003 4:23 pm Post subject: Re: I want the program running as root |
|
|
jukka wrote: | ragnwald wrote: | It didn't work |
make sure to set the effective user id to the saved user id in your c program before doing anything you need root privileges for, e.g. setuid(geteuid()). if the file is owned by root and the suid bit is set, it should work... |
Can you explain a little how to do ?
I have a little c-program, owned by root... With CHMOD 4755, just to look who the program runs as... it looks like this:
#include <stdlib.h>
main()
{
system("whoami");
}
when i run the program as the user "www" the program says "www".. but it should say root... |
|
Back to top |
|
|
jukka Apprentice
Joined: 06 Jun 2002 Posts: 249 Location: Zurich, Switzerland
|
Posted: Mon Feb 17, 2003 5:43 pm Post subject: Re: I want the program running as root |
|
|
ragnwald wrote: | Can you explain a little how to do ? |
see setuid(2), getuid(2), etc.
if you don't want to read, change your tiny program as follows: Code: | #include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
int main(void)
{
setuid(geteuid());
system("whoami");
return 0;
} |
Quote: | when i run the program as the user "www" the program says "www".. but it should say root... |
now it shoud say root.
btw, system("whoami") is not the preferred way to check the uid...
hth, jukka |
|
Back to top |
|
|
ragnwald n00b
Joined: 20 Dec 2002 Posts: 43 Location: Stockholm
|
Posted: Sun Feb 23, 2003 3:09 pm Post subject: |
|
|
It worked
Thank you! |
|
Back to top |
|
|
sKewlBoy Guru
Joined: 03 Nov 2002 Posts: 406 Location: Portugal
|
Posted: Sun Feb 23, 2003 5:29 pm Post subject: |
|
|
What if I want to run a suid'ed bash ??
Code: |
cp /bin/bash /rootshell.test
chmod 4755 /rootshell.test
|
then I run rootshell.test as a normal user and it isn't a rootshell...
What's missing here ... ?
Oh, and can I suid shell scripts ... ?
Or do I have to make an suid'ed app to execute suid'ed scripts as the suid'ed user ... ?
Thanks |
|
Back to top |
|
|
jukka Apprentice
Joined: 06 Jun 2002 Posts: 249 Location: Zurich, Switzerland
|
Posted: Tue Feb 25, 2003 5:12 pm Post subject: |
|
|
sKewlBoy wrote: | What if I want to run a suid'ed bash ??
Code: |
cp /bin/bash /rootshell.test
chmod 4755 /rootshell.test
|
then I run rootshell.test as a normal user and it isn't a rootshell...
What's missing here ... ? |
you didn't read the manual
invoke bash in privileged mode (-p option). e.g.: Code: |
$ exec /rootshell.test -lp
# id -u
0 |
Quote: | Oh, and can I suid shell scripts ... ? |
you can, but the kernel sets the EUID to the real UID before executing the script. so it's equivalent to not setting the suid bit for the script at all. (this is true for all interpreted files, i.e. non-compiled programs)
Quote: | Or do I have to make an suid'ed app to execute suid'ed scripts as the suid'ed user ... ? |
almost: you have to make an suid'ed app to execute the scripts as the suid'ed user (see this thread)
hth, jukka |
|
Back to top |
|
|
sKewlBoy Guru
Joined: 03 Nov 2002 Posts: 406 Location: Portugal
|
Posted: Wed Feb 26, 2003 5:35 pm Post subject: |
|
|
Quote: |
Quote:
Or do I have to make an suid'ed app to execute suid'ed scripts as the suid'ed user ... ?
almost: you have to make an suid'ed app to execute the scripts as the suid'ed user
|
setting the suid bit in the script would be an easy way to identify which scripts could be suid'ed
and thanks for the tip on the bash, I really ought to start RTFM.... |
|
Back to top |
|
|
jukka Apprentice
Joined: 06 Jun 2002 Posts: 249 Location: Zurich, Switzerland
|
Posted: Wed Feb 26, 2003 5:49 pm Post subject: |
|
|
sKewlBoy wrote: | setting the suid bit in the script would be an easy way to identify which scripts could be suid'ed |
i'm not sure if you got it: setting the suid bit on a script file does not make any sense, because it's ignored by the kernel before execution. i don't understand what you'd like to identify by setting the bit.
Quote: | and thanks for the tip on the bash, I really ought to start RTFM.... |
i'd suggest RTFS |
|
Back to top |
|
|
|