[TriLUG] Help with setuid C wrapper script
Clay Stuckey
cstuckey at govsg.com
Sun Oct 10 10:30:40 EDT 2010
Sudo is fine for that. It gives you root privileges. Ownership will not be an issue. I'm not sure what you did but it works great for me without a password.
--
Clay Stuckey
(843) 469-5467
cstuckey at govsg.com
claystuckey at gmail.com
On Oct 10, 2010, at 9:53 AM, "Ron Kelley" <rkelleyrtp at gmail.com> wrote:
> In this specific case, I need a specific (non-root) user to run the commands "tail -100 /var/log/messages" and "tail -50 /var/log/secure" without requiring a password prompt. Since the messages and sure files are not viewable by non-root users, sudo will not help here. I tried various incantations of sudo to make this work and had to resort to a wrapper script instead. In addition, I want a wrapper that I can use to expand the command set without mucking with sudo.
>
>
> -Ron
>
>
>
>
>
>
>
> On Oct 10, 2010, at 9:30 AM, Clay Stuckey wrote:
>
>> Why use C when sudo is designed for just that?
>>
>> --
>> Clay Stuckey
>> (843) 469-5467
>> cstuckey at govsg.com
>> claystuckey at gmail.com
>>
>> On Oct 10, 2010, at 9:04 AM, "Ron Kelley" <rkelleyrtp at gmail.com> wrote:
>>
>>> Greetings all,
>>>
>>> I need to allow a non-root user to run a couple of system commands and would like to use a setuid C wrapper binary. I have searched over the 'net and have found the following sample code. Unfortunately, I get segmentation faults if no command arguments are passed in. Since I am not a C programmer, I was hoping someone could help me fine-tune the utility.
>>>
>>> For some reason, this code requires the "-v" CLI argument. I would prefer to just pass in the necessary arguments without the "-v". In addition, if no arguments (or, unknown/invalid args) are passed in, I want the utility to exit immediately. I want the ability to add additional commands in the future, so I need it to be flexible enough to parse the args instead of writing a single wrapper per external command.
>>>
>>> Example:
>>>
>>> #> wrapper my_command
>>> <runs the "my_command" command>
>>>
>>> #> wrapper another_command
>>> <runs the "another_command" command>
>>>
>>> #> wrapper
>>> <exits immediately>
>>>
>>> #> wrapper -h
>>> <exits immediately - no error output>
>>>
>>>
>>> ---------------------------------------------------------------------------------------------------------------------------------------
>>> #include <stdio.h>
>>> #include <sys/types.h>
>>> #include <unistd.h>
>>> #include <signal.h>
>>> #include <strings.h>
>>> #include <stdlib.h>
>>>
>>> /********************************************
>>> * Inspired by:
>>> * http://linuxshellaccount.blogspot.com/2007/12/securing-suid-programs-using-simple-c.html *
>>> ********************************************/
>>>
>>> /* Define global variables */
>>>
>>> int gid;
>>>
>>> /* main(int argc, char **argv) - main process loop */
>>>
>>> int main(int argc, char **argv)
>>> {
>>>
>>> /* Set uid, gid, euid and egid to root */
>>>
>>> setegid(0);
>>> seteuid(0);
>>> setgid(0);
>>> setuid(0);
>>>
>>> if ( strncmp(argv[1], "my_command", 11) == 0 ) {
>>> if (execl("/usr/local/bin/my_command", "my_command", "-v", NULL) < 0) {
>>> perror("Execl:");
>>> }
>>> } else if ( strncmp(argv[1], "another_command", 15) == 0 ) {
>>> if (execl("/usr/local/bin/another_command", "another_command", "-v", NULL) < 0) {
>>> perror("Execl:");
>>> }
>>> } else {
>>> exit (1);
>>> }
>>> exit (0);
>>> }
>>> ---------------------------------------------------------------------------------------------------------------------------------------
>>>
>>>
>>>
>>>
>>>
>>> Thanks for any help,
>>>
>>> -Ron
>>> --
>>> This message was sent to: Clay Stuckey <cstuckey at govsg.com>
>>> To unsubscribe, send a blank message to trilug-leave at trilug.org from that address.
>>> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
>>> Unsubscribe or edit options on the web : http://www.trilug.org/mailman/options/trilug/cstuckey%40govsg.com
>>> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
>> --
>> This message was sent to: Ron Kelley <rkelleyrtp at gmail.com>
>> To unsubscribe, send a blank message to trilug-leave at trilug.org from that address.
>> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
>> Unsubscribe or edit options on the web : http://www.trilug.org/mailman/options/trilug/rkelleyrtp%40gmail.com
>> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
>
> Thanks,
>
> -Ron
> rkelleyrtp at gmail.com
>
> --
> This message was sent to: Clay Stuckey <cstuckey at govsg.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web : http://www.trilug.org/mailman/options/trilug/cstuckey%40govsg.com
> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
More information about the TriLUG
mailing list