As the subject states: I'm NOT a C programmer (wish I was) and I need a
wrapper to be able to run a shell script as a different user. While the
examples I've found seem simple, I need it to be able to take one or more
CLI args along with their values and pass them to the called script to
execute.
Anyone willing to share/post the code for such a utility?
Thanks all (now back to regularly scheduled programming)

What do you need? Will the following be enough?
#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>

#define SCRIPT "/usr/bin/script_or_whatever"

int main(int argc, char* argv[])
{
    char **args;
    int i = 1;

    if (argc < 2) return 110;
    if (setuid(geteuid())) { perror("setuid"); return 111; }
    /* argc slots for the script and its arguments, plus one for the NULL terminator */
    args = malloc((argc + 1) * sizeof *args); //Yeah, I know, no free()
                                              //well, exec() and exit() free anyway!
    if (!args) { fputs("out of memory\n", stderr); return 112; }
    args[0] = SCRIPT;   /* the script path replaces the wrapper's own name */
    for (; i < argc; i++) args[i] = argv[i];   /* pass the caller's arguments through */
    args[argc] = NULL;  /* the exec family requires a NULL-terminated vector */
    execvp(args[0], args);
    perror("exec"); return 112;
}
This sets the real UID to the EUID and execs the argument. The
traditional approach to limiting its use is to install it as owner:group
= what you need:something new, file mode 4750 (rwsr-x---), then add each
user that may execute that file to the newly created group. In the long
run that leads to a _ton_ of groups and no-one having any real clue as
to what's what.
You can maximize security here by linking the above file statically
(leading to less code executed with elevated privileges). If you only
want a few more privileges, you could possibly go for file capabilities.
OTOH: What do you really want to do?
HTH,
Markus
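
A hardened variant of the wrapper in the reply above, as an added example that is not part of the original thread. It assumes Linux with glibc; SCRIPT is the placeholder path from the post, and build_args, commit_ids and CLEAN_ENV are hypothetical names introduced here.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE        /* glibc: declares setreuid()/setregid() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define SCRIPT "/usr/bin/script_or_whatever"   /* placeholder path from the post */

/* Fixed environment handed to the script; nothing is inherited from the
 * caller (constructed value, extend with what the script really needs). */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", NULL };

/* Build a NULL-terminated argv: slot 0 is the script path, the caller's
 * arguments follow unchanged. Returns NULL on allocation failure. */
char **build_args(const char *script, int argc, char *argv[])
{
    size_t n = argc < 1 ? 1 : (size_t)argc;     /* always room for slot 0 */
    char **args = calloc(n + 1, sizeof *args);  /* zeroed, so args[n] == NULL */
    if (!args) return NULL;
    args[0] = (char *)script;
    for (int i = 1; i < argc; i++) args[i] = argv[i];
    return args;
}

/* Make the effective IDs the real ones too. The group goes first, because
 * it can no longer be changed once the UID has been committed. On Linux,
 * setuid() from a binary owned by a non-root user changes only the
 * effective UID; setreuid() also sets the real and saved UID. */
int commit_ids(void)
{
    gid_t g = getegid();
    uid_t u = geteuid();
    if (setregid(g, g) != 0) return -1;
    if (setreuid(u, u) != 0) return -1;
    return (getuid() == u && getgid() == g) ? 0 : -1;
}

int main(int argc, char *argv[])
{
    if (commit_ids() != 0) { perror("setre[ug]id"); return 111; }
    char **args = build_args(SCRIPT, argc, argv);
    if (!args) { fputs("out of memory\n", stderr); return 112; }
    execve(SCRIPT, args, CLEAN_ENV);   /* absolute path, no PATH lookup */
    perror("execve");
    return 113;
}
```

Supplementary groups still come from the calling user, since only a privileged process can change them.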