Running a Unix command as a differe

Original Message

Name: andrewkl
Date: March 19, 2008 at 01:00:06 Pacific
Subject: Running a Unix command as a differe
OS: SunOS Release 5.8 Version
CPU/Ram: 96GB
Model/Manufacturer: Netra T12

Comment:

hi,
I wrote a C program (runas.c) that runs a command as a different user on Solaris 8.
The problem I'm having is that the new user's group memberships aren't going into
effect. Take the following scenario:
I login as "kirk". I need to run some commands as "spock". kirk and spock belong
to these Unix groups:
$ groups kirk spock
kirk : human starfleet
spock : vulcan starfleet

$ ls -l /tmp/.z:
total 16
-rw-rw-r-- 1 kirk human 0 Mar 17 22:37 aa
drwxrwxr-x 2 sarek vulcan 117 Mar 17 22:38 adir

$ /bin/id
uid=5418(kirk) gid=35(starfleet)
$ runas spock /bin/id
uid=7643(spock) gid=35(starfleet)
$ runas spock /bin/touch /tmp/.z/adir/zz
touch: /tmp/.z/adir/zz cannot create
Even though my runas program becomes "spock" without any problems, the "touch"
command can't create "/tmp/.z/adir/zz" because, for some reason, the OS
still sees kirk's group memberships instead of spock's group memberships.
The following is a listing of my C program (runas.c)
What changes must I make so that the group memberships of the new user
take effect?
Thanks in advance
--Andrew
=================================================================
$ cat runas.c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#include <pwd.h>
#include <grp.h>

main(int argc, char *argv[])
{
struct passwd *pw;
struct group *grp;
char *args[argc];
char command[60];
int i;
char user[20];

if (argc >= 3) {
strcpy(user, argv[1]);
strcpy(command, argv[2]);
} else {
exit(1);
}

if (setuid(0) != 0) {
printf("Cannot proceed...This program doesn't have the proper permissions!\n");
exit(2);
}

/* additional security checks go here... */

pw = getpwnam(user); /* get password record for specified user. */
if (pw == NULL)
{
printf("%s is an invalid username.\n", user );
exit(3);
}

i = setreuid(pw->pw_uid, pw->pw_uid); /* become the specified user! */
if (i != 0)
{
printf("setreuid() failed...\n");
exit(5);
}

for (i = 2; i < argc; i++) {
args[i - 2] = (char *)malloc(strlen (argv [i]) * sizeof(char) + 1);
strcpy(args[i - 2], argv[i]);
}
args[argc - 2] = NULL;

execv(command, args);
printf("%s: execv() failed!!!\n\n", argv[0]);

} /* main() */

Report Offensive Message For Removal

Response Number 1

Name: jefro
Date: March 20, 2008 at 19:11:07 Pacific
Subject: Running a Unix command as a differe

Reply: (edit)

My guess is the path of tmp is kirks not spocks.
I read it wrong and answer it wrong too. So get off my case you peanut.

Report Offensive Follow Up For Removal


runnin unix command from c code Running a simple script remove login text Is hard link valid after running a in.dhcpd howto or what config thing	hme0 refuses to come up Solaris server replacement Non root user processes dies SunOS on IPX: console doesn't work dns solaris7