SUMMARY: setreuid/setregid without SUID bit set.

From: Thomas Leitner (tom@radar.tu-graz.ac.at)
Date: Fri Jan 10 2003 - 06:19:11 EST


This list is great as always!! Fast and accurate replies! Terry hit
the nail on the head: In my "runas" program I need to first set the
GID and then set the UID. I had it the other way around!

Thanks Terry. Below's his reply. Thanks also to Wakeman, Lindsay
<Lindsay.Wakeman@bl.uk> who suggested using the sudo package.

Tom

-------------------------------- Replies ----------------------
From: tsh@mrc-lmb.cam.ac.uk
To: Thomas Leitner <tom@radar.tu-graz.ac.at>
Subject: Re: setreuid/setregid without SUID bit set.

Which order do you do the setreuid/setregid?
If you set the uid to something without root priv,
you won't then be able to set the gid.
Make sure you set the gid first.

Cheers,
Terry.
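
[Added example, not part of the original thread and not Tom's actual "runas" source: a minimal C sketch of the ordering described above, group first and user last, with the result verified before exec. The function name drop_privileges, the numeric uid/gid arguments and the setgroups() call are assumptions of this sketch.]

```c
#define _DEFAULT_SOURCE            /* exposes setgroups() on glibc */
#include <sys/types.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Permanently switch to uid/gid. Returns 0 on success, -1 on failure
 * (errno is left as set by the failing call). */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Only root may replace the supplementary group list; without this
     * the exec'd program would keep root's extra groups. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    /* Group first: this call still needs the root uid we hold. */
    if (setregid(gid, gid) != 0)
        return -1;
    /* User last: once the uid is non-root the gid can no longer be
     * changed, so the reversed order fails with EPERM ("Not owner"). */
    if (setreuid(uid, uid) != 0)
        return -1;
    /* Verify the result instead of trusting return codes alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* A non-root target must not be able to take root back. */
    if (uid != 0 && setreuid((uid_t)-1, 0) == 0)
        return -1;
    return 0;
}

/* Usage (run as root): runas <uid> <gid> <program> [args...] */
int main(int argc, char **argv)
{
    if (argc < 4) {
        fprintf(stderr, "usage: %s uid gid program [args...]\n", argv[0]);
        return 2;
    }
    if (drop_privileges((uid_t)atol(argv[1]), (gid_t)atol(argv[2])) != 0) {
        perror("drop_privileges");
        return 1;
    }
    execv(argv[3], &argv[3]);      /* replaces this process; no shell left */
    perror("execv");
    return 1;
}
```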

-----------------
From: "Wakeman, Lindsay" <Lindsay.Wakeman@bl.uk>
To: 'Thomas Leitner' <tom@radar.tu-graz.ac.at>
Subject: RE: setreuid/setregid without SUID bit set.

Tom

If I understand what you are trying to do aright, then the 'sudo' command
will do it all
- available at www.courtesan.com/sudo/

Lindsay

Lindsay Wakeman
UNIX Systems Manager, Systems Delivery London
The British Library
lindsay.wakeman@bl.uk

-----Original Message-----
From: Thomas Leitner [mailto:tom@radar.tu-graz.ac.at]
Sent: 10 January 2003 10:45
To: TRU64 Unix Managers
Subject: setreuid/setregid without SUID bit set.

Hi,

I need to have the ability to run a certain program started by root
under a different user account. I know that "su" is able to do that
but su leaves a shell hanging around which I want to avoid. So I wrote
my own "runas" program which basically does a setreuid/setregid to the
desired uid/gid and execs the required program.

Another constraint is that the "runas" program is not created with
root permissions. Now the problem I'm struggling with is that my
runas program needs to have the GUID bit set (chmod 2755) in order
to work. Here's what happens (all commands executed as root):

# ls -l runas
-rwxr-xr-x 1 optamos users 32768 Jan 10 10:53 runas
# ./runas optamos /bin/ls
** ERROR: : Not owner
# chmod 4755 runas
# ./runas optamos /bin/ls
** ERROR: : Not owner
# chmod 2755 runas
# ./runas optamos /bin/ls
test.dat test1.dat test2.dat
......

Is there any way I can get this going without having to set the
"runas" program to mode 2755 ? I've tried to put the respective user
into the "system" group but this does not work either. Any other ways?

Thanks // Tom

-- 
--------------------------------------------------------------------------
Dr. Tom Leitner                             Dept. of Communications
                                            Graz University of Technology,
e-mail    : tom@radar.tu-graz.ac.at         Inffeldgasse 12
Phone     : +43-316-873-7455                A-8010 Graz / Austria / Europe
Fax       : +43-316-463-697
Home page : http://www.radar.tugraz.at/people/tom.html
PGP public key on : ftp://wiis.tu-graz.ac.at/pgp-keys/tom.asc or send
mail with subject "get Thomas Leitner" to pgp-public-keys@keys.pgp.net
--------------------------------------------------------------------------
    Before we have the paperless office, we have the paperless toilet!

