[SOLVED]Is it possible to pass on password to process requiring root privileges
-
I have forgot to tell:
You should install your module as root user. Or chown it to be root.- su
- chown root:root <yourbin>
- chmod +s <yourbin>
- exit to normal user
- check if "s" bit is set: ls -ahl <yourbin>
It should look like that:
@
-rwsr-sr-x 1 root root 7,2K Sep 27 11:19 <yourbin>
@ - ./<yourbin>
It works always!
-
Making your binary suid means that anybody that can start it will be able to run it as root. That may or may not be what you want.
You could also consider moving the root-part out into a D-Bus service and then using "polkit":http://hal.freedesktop.org/docs/polkit/polkit.8.html for the authentication. I never used it, but it seems to be what the cool kids do nowadays:-)
-
setuid() and getuid() don't work on all linux distros. policykit and pam can accomplish what your trying to do. I use pam because policykit brings in gtk deps and uses pam anyways.
policykit deps:
D-Bus GLib Bindings, Linux-PAM, intltool, DocBook XSL Stylesheets,
glib, libffi and Python -
[quote author="zester" date="1348839627"]setuid() and getuid() don't work on all linux distros. policykit and pam can accomplish what your trying to do. I use pam because policykit brings in gtk deps and uses pam anyways.
policykit deps:
D-Bus GLib Bindings, Linux-PAM, intltool, DocBook XSL Stylesheets,
glib, libffi and Python[/quote]
What? setuid & getuid is implemented in kernel since 2.4(2?).* it belongs to each linux with this kernel version or above...
PAM is just package/ 3rd software.. it must be compiled/installed and configured. And for example is not by default on LFS, OpenELEC, etc... -
I don't know and I agree with you but the last time I had this issue (2011?) both ubuntu and fedora had them disabled, meaning they wouldn't work. After doing alot of research I was informed that I should defiantly not be using those fucntions and that most linux distros had them disabled do to security concerns.
Maybe things have changed "I have no idea" I was just pointing out my past experiences and what I was told to use, policykit or pam. Maybe it has something to do with SELinux?
If setuid and getuid is working for you then use them.
Trust me I would much rather use functions that are already provided verses installing a thirdparty package like policykit or pam.
-
Here you go maybe this was the issue I was having back then.
SELinux is preventing dhcpd setgid/setuid access
https://bugzilla.redhat.com/show_bug.cgi?id=737571Maybe ubuntu had the same bug?
Or see here http://fedoraproject.org/wiki/Features/RemoveSETUID
As far as being told not to use them..... What can I say, maybe it was an opinion made by someone with
more experance than I. I will look into it, If I can get rid of one more package that duplicates functionality then good ;) -
right i have forgot about SELinux and grsecurity... they can prevent execution of setuid...
They also need more complex PAM configuration...
But didn't know what ubuntu or fedora have ever used SELinux in Desktop versions. SLED(S) and RHEL uses SELinux by default...Anyway...
The right way for desktop endusers will be: using PAM
Standard way for linux will be: using kernels setuid