如何以root身份执行命令

Question

I develop a C code on Linux (Debian). Time to time, I need to execute some commands through system()

I wonder if it is possible to execute a command via system() as root. If it is not the case, is there any function to execute a command (or run a binary) as root that I can use on the C code?

Answer 1

We met the situation before that we want to execute a root command by a normal user, here is our solution (using setuid/SUID):

assume that:

• username : Tom
• group : gTom
• C program file : my_pro.c

Step 1: Write a C code tool: my_sudo.c

...
int main(int args, char *argv[]) {
    if (args < 2) 
        printf("Usage: my_sudo [cmd] [arg1 arg2 ...]");

    // cmd here is the shell cmd that you want execute in "my_pro"
    // you can check the shell cmd privilege here
    // example:  if (argv[1] != "yum") return; we just allow yum execute here

    char cmd[MAX_CMD];
    int i;
    for ( i = 2; i < args; i ++) {
    // concatenate the cmd, example: "yum install xxxxx"
        strcat(cmd, " ");
        strcat(cmd, argv[i]);
    }

    system(cmd);
} 

Step 2: Compile my_sudo.c to get a my_sudo executable file

   sudo chown root:gTom my_sudo   // user root && gTom group
   sudo chmod 4550 my_sudo        // use SUID to get root privilege

   #you will see my_sudo like this(ls -l)
   #-r-sr-x--- 1 root my_sudo 9028 Jul 19 10:09 my_sudo*

   #assume we put my_sudo to /usr/sbin/my_sudo

Step 3: In your C code

...
int main() {
    ...
    system("/usr/bin/mysudo yum install xxxxx");
    ...
}

#gcc && ls -l
#-rwxr--r--  1 Tom gTom 1895797 Jul 23 13:55 my_pro

Step 4: Execute ./my_pro

You can execute the yum install without sudo .

Answer 2

If you are a user on your system that has sudo privileges to run commands as root , just pre-pend sudo to the command.

system("sudo yum install some-package");

If you want anybody to be able to do it, then you have to be administrator on your system, change the owner of the file to be root , and modify the permissions of your executable to run as root . By doing so, you do not need to modify your system() command string with sudo .

chmod +s my_program
chown root my_program

Realize that doing this may open you up to security problems, unless you have proven that your program has no security issues.

The file-system may be such to disallow you from setting the setuid bit on your program. If you need more information along these lines, you should consult SuperUser .

Answer 3

This is one of those bag-o-tricks things to keep in mind. There are security risks, so just be aware of who will use it. In the "system" command you can even execute external scripts...although that opens major security risks because while this binary has to have the permissions re-set every time it's compiled, a script can be changed endlessly and this binary will keep calling it.

#include <stdio.h>
#include <stdlib.h>

//Create as root
//gcc fixmusic.c -o fixmusic 
//chmod u+s fixmusic
//now run as non-root user and it should work despite limitations of user


int main(int argc, char *argv[] )
{

    setuid(0);

    char command[100];
    sprintf(command,"/usr/bin/chmod -R a+w /mnt/Local/Music");
    system(command);
    //This is just optional info if someone cat's the binary
    volatile const char comment [] = "INFO: Fixes music permissions";
    return 0;
}