Linux Setuid with Proxy Executables

Qt Using Shared Memory with Different Processes and Shared Libraries


Sometimes a non-root user may need to run certain commands as if they were root - or echo values to /dev or /sys files, etc. This is an extremely dangerous configuration - think denial of service attack, but nonetheless if you have a need and are in a safe environment, you could "setuid" on executable that needs to be run in order to allow a non-root user to execute it as if the root user had. Setuid stands for "set user ID upon execution" and you can read all about it here: http://en.wikipedia.org/wiki/Setuid.

Here is how you set the appropriate permissions to make this possible:

sudo chown root:`id -un` program_to_run_as_root

sudo chmod 6711 program_to_run_as_root

That is for executables, if you want to do achieve the same effect for a shell script, you could set up a proxy program with setuid permissions, and then within that executable, perform a system() call to run the script as though root had run it. Here is a simple example:

#include <QCoreApplication>

/// Fork and exec requires this

#include<stdio.h>

#include<stdlib.h>

#include<unistd.h>

#include<sys/wait.h>

#include<sys/types.h>


int main(int argc, char *argv[])

{

QCoreApplication a(argc, argv);


setuid( 0 );

int status = system( "/usr/sbin/privileged_shell_script.sh" );

return a.exec();

}

Happy Coding!



ClassyBits 2016