Anyone willing to share an SUID wrapper program to take/passarguments to a shell script on Unbuntu?

[bobm3]

As the subject states: I'm NOT a c programmer (wish I was) and I need a
wrapper to be able to run a shell script as a different user. While the
examples I've found seem simple I need it to be able to take one or more
CLI args along with their values and include them to the called script to
execute.

Anyone willing to share/post the code for such a utility?

Thanks all (now back to regularly scheduled programming)

 

[Nobody]

As the subject states: I'm NOT a c programmer (wish I was) and I need a
wrapper to be able to run a shell script as a different user. While the
examples I've found seem simple I need it to be able to take one or more
CLI args along with their values and include them to the called script to
execute.

Use sudo; it can be configured to allow a specific user to run a specific
command with specific arguments as a specific user. It also deals with any
platform-specific quirks (which could be security holes if not handled
correctly).

Also: this is off-topic for c.l.c, as it's primarily a Unix question
rather than a C question. Even if you wrote such a tool in C, it would
be 90% Unix knowledge, 10% C knowledge.

 

[M. Strobel]

Am 13.01.2012 22:42, schrieb (e-mail address removed):

As the subject states: I'm NOT a c programmer (wish I was) and I need a
wrapper to be able to run a shell script as a different user. While the
examples I've found seem simple I need it to be able to take one or more
CLI args along with their values and include them to the called script to
execute.

Anyone willing to share/post the code for such a utility?

Thanks all (now back to regularly scheduled programming)

See the good advice by nemo.

To the C question: it is rather trivial to program, but you would have to do it
yourself to adjust the filtering.

/str.

 

[Markus Wichmann]

As the subject states: I'm NOT a c programmer (wish I was) and I need a
wrapper to be able to run a shell script as a different user. While the
examples I've found seem simple I need it to be able to take one or more
CLI args along with their values and include them to the called script to
execute.

Anyone willing to share/post the code for such a utility?

Thanks all (now back to regularly scheduled programming)

What do you need? Will the following be enough?

#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>

#define SCRIPT "/usr/bin/script_or_whatever"

int main(int argc, char* argv[])
{
char **args;
int i = 1;
if (argc < 2) return 110;
if (setuid(geteuid())) { perror("setuid"); return 111; }
args = malloc(argc * sizeof *args); //Yeah, I know, no free()
//well, exec() and exit() free anyway!
if (!args) { fputs("out of memory\n", stderr); return 112; }
args[0] = SCRIPT;
for (; i < argc; i++) args = argv;
execvp(args[0], args);
perror("exec"); return 112;
}

This sets the real UID to the EUID and execs the argument. The
traditional approach to limiting its use is to install it as owner:group
= what you need:something new, file mode 4750 (rwsr-x---), than add each
user that may execute that file to the newly created group. In the long
run that leads to a _ton_ of groups and no-one having any real clue as
to what's what.

You can maximize security here by linking the above file statically
(leading to less code executed with elevated privileges). If you only
want a few more privileges, you could possibly go for file capabilities.

OTOH: What do you really want to do?

HTH,
Markus