
How can I switch user during execution using C on Linux

I'm writing an application using C on Linux. In my application, I need to do some tasks at the beginning as a normal user (non-root user), while I need to do some tasks as the root user in the middle of execution as well.

By the way, I cannot modify configurations of normal user. So I cannot add normal user to sudoers. I cannot modify any OS configurations as well.

What my application really does is execute applications and get their outputs for analysis.

Some applications need to be run as root. I use multiple threads to execute and analyse the outputs of these applications in parallel, then store the report of each application in a singleton called Report. I call these applications using execvp in a sub-process.

The main purpose of my application is to automate software testing. And most tasks are required to run as the software owner, which shall not be root.

So, the problem is

  • how can I switch user during execution?
  • Is there any way that I can implement this within 1 executable?
  • Doing this with POSIX APIs is better.
  • Run my application with normal user, provide root password to my application, switch to root using root password.

Read more about setuid executables and the setreuid(2) and execve(2) syscalls. Be careful: you'll need to put the setuid flag on the executable with chmod u+s (see chmod(1)) after changing its ownership (with chown(1)), and code carefully to avoid security holes.

(so I recommend to have your code reviewed by someone knowing the setuid mechanism and aware of security issues)

Setuid is the basic mechanism used by programs (su, sudo, super, login, etc.) to get (or revoke) privileges. See credentials(7) & capabilities(7).

It could be safer to start some helper process (as root, or start some setuid executable, perhaps in /usr/libexec/...) and communicate with it using some inter-process communication facilities (like pipe(7)...). For example, it is not recommended to use GUI toolkits like GTK or Qt in root processes. If your app has some GUI, it is reasonable to run its GUI in a non-root (ordinary user) process and run as root the (hopefully small) helper process doing the real job requiring special privileges.

Before coding, I recommend reading a good book like Advanced Linux Programming and syscalls(2) and the documentation of every system call you would use. Security aspects are especially important.

Setuid executables don't necessarily require or use any password; it is the other way round: programs requiring passwords (notably login, su, sudo, etc.) are setuid (and they are free software on Linux, so you can study their source code); try ls -l /bin/su /usr/bin/sudo /bin/login to check that.

Since you want to emulate various user environments, be aware of environ(7).
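
The fork-then-switch pattern the answer points to, as an added example that is not part of the original answer: the identity change happens only in the forked child, which permanently becomes the target user, confirms root cannot be regained, and execs the test program with a fixed environment while the parent reads its output over a pipe. The names run_as and become and the PATH value are assumptions made for illustration, and execve with an absolute path is used instead of execvp so that no inherited PATH or environment reaches the program.

```c
#include <grp.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently become uid/gid. Call only in a forked child: glibc applies
 * credential changes to every thread of the calling process. */
static int become(uid_t uid, gid_t gid)
{
    /* When leaving root, shed supplementary groups first (needs root). */
    if (geteuid() == 0 && uid != 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;  /* group before user, while still privileged */
    if (setuid(uid) != 0) return -1;  /* as root: sets real, effective and saved IDs */
    /* Verify the drop: root must not be recoverable afterwards. */
    if (uid != 0 && (setuid(0) == 0 || getuid() != uid || geteuid() != uid)) return -1;
    return 0;
}

/* Run argv (absolute path) as uid/gid and capture its stdout in out.
 * Returns the exit status, or -1 on error or abnormal termination. */
int run_as(uid_t uid, gid_t gid, char *const argv[], char *out, size_t outlen)
{
    static char *const fixed_env[] = { "PATH=/usr/bin:/bin", NULL }; /* assumed value */
    int fds[2], status;
    size_t used = 0;
    ssize_t n = 0;

    if (outlen == 0 || argv[0] == NULL || argv[0][0] != '/') return -1; /* no PATH search */
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       /* child: no malloc or stdio before exec */
        close(fds[0]);
        if (dup2(fds[1], STDOUT_FILENO) < 0 || close(fds[1]) != 0) _exit(126);
        if (become(uid, gid) != 0) _exit(126);  /* never exec with the wrong identity */
        execve(argv[0], argv, fixed_env); /* inherited environment is discarded */
        _exit(127);
    }
    close(fds[1]);
    while (used < outlen - 1 && (n = read(fds[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fds[0]);                        /* a child that overruns the buffer gets SIGPIPE */
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
```

Switching to a different uid only succeeds when the calling process is privileged, for example a small helper started as root or a setuid-root executable as described above.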
