Running a Unix command as a differe

Original Message
Name: andrewkl
Date: March 19, 2008 at 01:00:06 Pacific
Subject: Running a Unix command as a differe
OS: SunOS Release 5.8 Version
CPU/Ram: 96GB
Model/Manufacturer: Netra T12
Comment:

hi,

I wrote a C program (runas.c) that runs a command as a different user on Solaris 8.
The problem I'm having is that the new user's group memberships aren't going into
effect. Take the following scenario:

I log in as "kirk". I need to run some commands as "spock". kirk and spock belong
to these Unix groups:

$ groups kirk spock
kirk : human starfleet
spock : vulcan starfleet

$ ls -l /tmp/.z:
total 16
-rw-rw-r-- 1 kirk human 0 Mar 17 22:37 aa
drwxrwxr-x 2 sarek vulcan 117 Mar 17 22:38 adir

$ /bin/id
uid=5418(kirk) gid=35(starfleet)

$ runas spock /bin/id
uid=7643(spock) gid=35(starfleet)

$ runas spock /bin/touch /tmp/.z/adir/zz
touch: /tmp/.z/adir/zz cannot create

Even though my runas program becomes "spock" without any problems, the "touch"
command can't create "/tmp/.z/adir/zz" because, for some reason, the OS
still sees kirk's group memberships instead of spock's group memberships.

The following is a listing of my C program (runas.c).
What changes must I make so that the group memberships of the new user
take effect?

Thanks in advance
--Andrew
=================================================================
$ cat runas.c

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
#include <pwd.h>
#include <grp.h>

int main(int argc, char *argv[])
{
    struct passwd *pw;
    struct group *grp;
    char *args[argc];
    char *command;   /* points into argv, so no fixed-size buffer can overflow */
    char *user;
    int i;

    if (argc >= 3) {
        user = argv[1];
        command = argv[2];
    } else {
        exit(1);
    }

    if (setuid(0) != 0) {
        printf("Cannot proceed...This program doesn't have the proper permissions!\n");
        exit(2);
    }

    /* additional security checks go here... */

    pw = getpwnam(user); /* get password record for specified user. */
    if (pw == NULL)
    {
        printf("%s is an invalid username.\n", user);
        exit(3);
    }

    i = setreuid(pw->pw_uid, pw->pw_uid); /* become the specified user! */
    if (i != 0)
    {
        printf("setreuid() failed...\n");
        exit(5);
    }

    /* copy the command and its arguments into a NULL-terminated vector */
    for (i = 2; i < argc; i++) {
        args[i - 2] = malloc(strlen(argv[i]) + 1);
        if (args[i - 2] == NULL) {
            printf("malloc() failed...\n");
            exit(4);
        }
        strcpy(args[i - 2], argv[i]);
    }
    args[argc - 2] = NULL;

    execv(command, args);
    /* only reached if execv() could not start the command */
    printf("%s: execv() failed!!!\n\n", argv[0]);
    return 6;

} /* main() */



Response Number 1
Name: jefro
Date: March 20, 2008 at 19:11:07 Pacific
Subject: Running a Unix command as a differe
Reply:

My guess is the path of tmp is kirk's, not spock's.

I read it wrong and answer it wrong too. So get off my case you peanut.
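
Added example, not part of the thread and not the poster's code: setreuid() changes only user IDs, so the supplementary group list stays whatever the caller (kirk) had. A setuid-root wrapper has to load the target's groups with initgroups() and set the primary GID before it gives up root, as become_user() does below; may_write() models the owner/group/other check against adir to show the effect. All numeric IDs other than 5418, 7643 and 35 are constructed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* glibc: expose initgroups() in strict modes */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Classic Unix write check: exactly one class (owner, group, other) applies. */
int may_write(uid_t uid, gid_t gid, const gid_t *sup, int nsup,
              uid_t f_uid, gid_t f_gid, mode_t mode)
{
    int i, in_group = (gid == f_gid);
    if (uid == 0) return 1;                        /* root bypasses the check */
    if (uid == f_uid) return (mode & 0200) != 0;   /* owner class */
    for (i = 0; i < nsup && !in_group; i++)
        in_group = (sup[i] == f_gid);
    if (in_group) return (mode & 0020) != 0;       /* group class */
    return (mode & 0002) != 0;                     /* other class */
}

/* Become pw's user completely. Must be called while still root.
 * Order matters: group list first, then GID, then UID (irreversible). */
int become_user(const struct passwd *pw)
{
    if (initgroups(pw->pw_name, pw->pw_gid) != 0) { perror("initgroups"); return -1; }
    if (setgid(pw->pw_gid) != 0) { perror("setgid"); return -1; }
    if (setuid(pw->pw_uid) != 0) { perror("setuid"); return -1; }
    /* Verify the drop is permanent: regaining root must now fail. */
    if (pw->pw_uid != 0 && setuid(0) == 0) return -1;
    return 0;
}

/* Constructed IDs: only 5418, 7643 and 35 appear in the thread's output. */
enum { KIRK = 5418, SPOCK = 7643, SAREK = 9001,
       STARFLEET = 35, HUMAN = 101, VULCAN = 102 };

int main(void)
{
    gid_t inherited[] = { HUMAN, STARFLEET };   /* kirk's list, left in place */
    gid_t loaded[]    = { VULCAN, STARFLEET };  /* what initgroups() installs */
    /* adir is sarek:vulcan with mode drwxrwxr-x (0775) */
    printf("uid spock, inherited groups: %d\n",
           may_write(SPOCK, STARFLEET, inherited, 2, SAREK, VULCAN, 0775));
    printf("uid spock, after initgroups: %d\n",
           may_write(SPOCK, STARFLEET, loaded, 2, SAREK, VULCAN, 0775));
    return 0;
}
```

In a wrapper like runas.c, the become_user(pw) call would take the place of the setreuid() call, after getpwnam() succeeds and before execv().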

