[SOLVED]Is it possible to pass on password to process requiring root privileges
-
Of cause it is possible on Windows. There is an list of WINAPI functions to do that:
ShellExecute (maybe not the best use for this, but it works from win 2000 to win7)
CreateProcessWithLogon (simple to use)
and another two with more flexible options:
CreateProcessAsUser
CreateProcessWithToken -
I use Ubuntu (Linux), actually my application does not need root privileges. But it has one module which requires root privileges. That module needs to be run everytime i start my application. i wish to ask for root password only the first time user starts the application and store the root password internally. Next time when user runs my application, i want to run the module using password stored on first usage, without troubling the user to type in password every time.
-
Is this module an executable file?
If so, you can simply set sticky bit during installation and use setuid() to gain root privilege in your module.@
su - root
chmod +s <your executable binary>
@
@
#include <sys/types.h>
#include <unistd.h>int main(...)
{
....
qDebug() << "Current user ID: " << getuid() << " user group: " << getgid();
if (setuid(0) != 0)
{
qCritical() << "Can't get root access";
return;
}// we have root access now
qDebug() << "Current user ID: " << getuid() << " user group: " << getgid();
}
@ -
You then don't even need to know the root password.....
-
I was looking for a working setuid() method. Thanks a ton for making it look so easy.
Edit 1:
It didn't work!
@Current user ID: 1000 user group: 1000
Can't get root access@Edit 2:
@Cannot connect creator comm socket /tmp/qt_temp.Vr2940/stub-socket: No such file or directory@
I get this error.Moderator Edit: Instead of replying to yourself, please just edit your last post. I have merged your three posts into one; Andre
-
I have forgot to tell:
You should install your module as root user. Or chown it to be root.- su
- chown root:root <yourbin>
- chmod +s <yourbin>
- exit to normal user
- check if "s" bit is set: ls -ahl <yourbin>
It should look like that:
@
-rwsr-sr-x 1 root root 7,2K Sep 27 11:19 <yourbin>
@ - ./<yourbin>
It works always!
-
Making your binary suid means that anybody that can start it will be able to run it as root. That may or may not be what you want.
You could also consider moving the root-part out into a D-Bus service and then using "polkit":http://hal.freedesktop.org/docs/polkit/polkit.8.html for the authentication. I never used it, but it seems to be what the cool kids do nowadays:-)
-
setuid() and getuid() don't work on all linux distros. policykit and pam can accomplish what your trying to do. I use pam because policykit brings in gtk deps and uses pam anyways.
policykit deps:
D-Bus GLib Bindings, Linux-PAM, intltool, DocBook XSL Stylesheets,
glib, libffi and Python -
[quote author="zester" date="1348839627"]setuid() and getuid() don't work on all linux distros. policykit and pam can accomplish what your trying to do. I use pam because policykit brings in gtk deps and uses pam anyways.
policykit deps:
D-Bus GLib Bindings, Linux-PAM, intltool, DocBook XSL Stylesheets,
glib, libffi and Python[/quote]
What? setuid & getuid is implemented in kernel since 2.4(2?).* it belongs to each linux with this kernel version or above...
PAM is just package/ 3rd software.. it must be compiled/installed and configured. And for example is not by default on LFS, OpenELEC, etc... -
I don't know and I agree with you but the last time I had this issue (2011?) both ubuntu and fedora had them disabled, meaning they wouldn't work. After doing alot of research I was informed that I should defiantly not be using those fucntions and that most linux distros had them disabled do to security concerns.
Maybe things have changed "I have no idea" I was just pointing out my past experiences and what I was told to use, policykit or pam. Maybe it has something to do with SELinux?
If setuid and getuid is working for you then use them.
Trust me I would much rather use functions that are already provided verses installing a thirdparty package like policykit or pam.
-
Here you go maybe this was the issue I was having back then.
SELinux is preventing dhcpd setgid/setuid access
https://bugzilla.redhat.com/show_bug.cgi?id=737571Maybe ubuntu had the same bug?
Or see here http://fedoraproject.org/wiki/Features/RemoveSETUID
As far as being told not to use them..... What can I say, maybe it was an opinion made by someone with
more experance than I. I will look into it, If I can get rid of one more package that duplicates functionality then good ;) -
right i have forgot about SELinux and grsecurity... they can prevent execution of setuid...
They also need more complex PAM configuration...
But didn't know what ubuntu or fedora have ever used SELinux in Desktop versions. SLED(S) and RHEL uses SELinux by default...Anyway...
The right way for desktop endusers will be: using PAM
Standard way for linux will be: using kernels setuid