[英]how to execute a command as root
I develop a C code on Linux (Debian). 我在Linux(Debian)上开发了一个C代码。 Time to time, I need to execute some commands through
system()
不时,我需要通过
system()
执行一些命令
I wonder if it is possible to execute a command via system()
as root. 我想知道是否可以通过
system()
以root身份执行命令。 If it is not the case, is there any function to execute a command (or run a binary) as root that I can use on the C code? 如果不是这样,是否有任何函数可以以root身份执行命令(或运行二进制文件),我可以在C代码上使用它?
We met the situation before that we want to execute a root command by a normal user, here is our solution (using setuid/SUID): 在我们想要普通用户执行root命令之前我们遇到了这种情况,这是我们的解决方案(使用setuid / SUID):
assume that: 假使,假设:
Tom
Tom
gTom
gTom
my_pro.c
my_pro.c
my_sudo.c
my_sudo.c
...
int main(int args, char *argv[]) {
if (args < 2)
printf("Usage: my_sudo [cmd] [arg1 arg2 ...]");
// cmd here is the shell cmd that you want execute in "my_pro"
// you can check the shell cmd privilege here
// example: if (argv[1] != "yum") return; we just allow yum execute here
char cmd[MAX_CMD];
int i;
for ( i = 2; i < args; i ++) {
// concatenate the cmd, example: "yum install xxxxx"
strcat(cmd, " ");
strcat(cmd, argv[i]);
}
system(cmd);
}
my_sudo.c
to get a my_sudo
executable file my_sudo.c
以获取my_sudo
可执行文件 sudo chown root:gTom my_sudo // user root && gTom group
sudo chmod 4550 my_sudo // use SUID to get root privilege
#you will see my_sudo like this(ls -l)
#-r-sr-x--- 1 root my_sudo 9028 Jul 19 10:09 my_sudo*
#assume we put my_sudo to /usr/sbin/my_sudo
...
int main() {
...
system("/usr/bin/mysudo yum install xxxxx");
...
}
#gcc && ls -l
#-rwxr--r-- 1 Tom gTom 1895797 Jul 23 13:55 my_pro
./my_pro
./my_pro
You can execute the yum install
without sudo
. 您可以在没有
sudo
情况下执行yum install
。
If you are a user on your system that has sudo
privileges to run commands as root
, just pre-pend sudo
to the command. 如果您是系统上具有以
root
身份运行命令的sudo
权限的root
,则只需将sudo
挂起到命令即可。
system("sudo yum install some-package");
If you want anybody to be able to do it, then you have to be administrator on your system, change the owner of the file to be root
, and modify the permissions of your executable to run as root
. 如果您希望任何人能够执行此操作,那么您必须是系统的管理员,将文件的所有者更改为
root
,并修改可执行文件的权限以root
身份运行。 By doing so, you do not need to modify your system()
command string with sudo
. 通过这样做,您不需要使用
sudo
修改system()
命令字符串。
chmod +s my_program
chown root my_program
Realize that doing this may open you up to security problems, unless you have proven that your program has no security issues. 要意识到这样做可能会让您面临安全问题,除非您已经证明您的程序没有安全问题。
The file-system may be such to disallow you from setting the setuid
bit on your program. 文件系统可能会禁止您在程序上设置
setuid
位。 If you need more information along these lines, you should consult SuperUser . 如果您需要更多信息,请咨询SuperUser 。
This is one of those bag-o-tricks things to keep in mind. 这是要记住的那些包包技巧之一。 There are security risks, so just be aware of who will use it.
存在安全风险,因此请注意谁将使用它。 In the "system" command you can even execute external scripts...although that opens major security risks because while this binary has to have the permissions re-set every time it's compiled, a script can be changed endlessly and this binary will keep calling it.
在“system”命令中,您甚至可以执行外部脚本...虽然这会打开主要的安全风险,因为虽然这个二进制文件必须在每次编译时重新设置权限,但脚本可以无限更改,并且此二进制文件将继续调用它。
#include <stdio.h>
#include <stdlib.h>
//Create as root
//gcc fixmusic.c -o fixmusic
//chmod u+s fixmusic
//now run as non-root user and it should work despite limitations of user
int main(int argc, char *argv[] )
{
setuid(0);
char command[100];
sprintf(command,"/usr/bin/chmod -R a+w /mnt/Local/Music");
system(command);
//This is just optional info if someone cat's the binary
volatile const char comment [] = "INFO: Fixes music permissions";
return 0;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.