I want a user-privileged (not root) process to launch new processes as user nobody. I've tried a straight call to setuid that fails with -1 EPERM on Ubuntu 8.04:
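
    #include <stdio.h>
    #include <sys/types.h>
    #include <unistd.h>

    int main(void) {
        /* 65534 is the uid used for nobody; this returns -1 (EPERM)
           when the caller is not root. */
        if (setuid(65534) == -1)
            perror("setuid");
        while (1)
            ;   /* spin forever */
        return 0;
    }
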
How should I do this instead?
You will require assistance and a lot of trust from your system administrator. Ordinary users are not able to run the executable of their choice on behalf of other users, period.
She may add your application to /etc/sudoers with proper settings and you'll be able to run it with sudo -u nobody. This will work for both scripts and binary executables.
Another option is that she will do chown nobody and chmod +s on your binary executable and you'll be able to execute it directly. This task must be repeated each time your executable changes.
This could also work for scripts if you create a tiny helper executable which simply does exec("/home/you/bin/your-application"). This executable can be made suid-nobody (see above) and you may freely modify your-application.
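
An added example, not code from the answer: one way to write the suid-nobody helper it describes, with the checks such a wrapper needs. The TARGET path is the answer's; the function names, the fixed PATH and the permission check are assumptions of this example.

```c
#define _GNU_SOURCE            /* for setresuid() on glibc */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Path taken from the answer above; adjust to the real location. */
#define TARGET "/home/you/bin/your-application"

/* Hypothetical check: accept only a regular file that group and others
 * cannot write, so only the file's owner decides what runs as nobody.
 * It is a sanity check on permissions, not protection against the owner. */
int target_is_safe(const struct stat *st) {
    return S_ISREG(st->st_mode) && !(st->st_mode & (S_IWGRP | S_IWOTH));
}

/* Make the effective uid (nobody, via the suid bit) the real and saved uid
 * too. Without this the real uid is still the caller's, and shells such as
 * bash reset the effective uid back to it when running a script. */
int become_effective_user(void) {
    uid_t e = geteuid();
    if (setresuid(e, e, e) != 0)
        return -1;
    return (getuid() == e && geteuid() == e) ? 0 : -1;
}

int main(int argc, char **argv) {
    /* Fixed, minimal environment: nothing from the caller's environment
     * (LD_*, IFS, PATH, ...) reaches the target. */
    char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    struct stat st;

    if (argc < 1)              /* empty argv: argv[0] is the terminator */
        return 1;
    if (stat(TARGET, &st) != 0 || !target_is_safe(&st)) {
        fprintf(stderr, "refusing to run %s\n", TARGET);
        return 1;
    }
    if (become_effective_user() != 0) {
        perror("setresuid");
        return 1;
    }
    /* The suid bit changes only the uid: the group id and supplementary
     * groups are still the caller's unless the helper is also setgid. */
    argv[0] = (char *)TARGET;
    execve(TARGET, argv, clean_env);
    perror("execve");
    return 1;
}
```

Anyone allowed to execute the installed helper runs the current contents of TARGET as nobody, so the helper's own execute permission decides who gets that ability.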
As far as I know, you can't unless you're root or have sudo set up to allow you to switch users. Or, you can have your executable have the suid bit set up on it, and have it owned by nobody. But that requires root access too.