tags:

views:

137

answers:

4
+2  Q: 

How can my C/C++ application determine if the root user is executing the command?

Hello,

I am writing an application that requires root user privileges to execute. If executed by a non root user, it exits and terminates with a perror message such as:

    pthread_getschedparam: Operation not permitted

I would like to make the application more user friendly. As part of its early initialization I would like it to check if it is being executed by root or not. And if not root, it would present a message indicating that it can only be run by root, and then terminate.

Thanks in advance for your help.

+8  A: 

getuid or geteuid would be the obvious choices.

Jerry Coffin  2010-07-09 15:54:21
Might want to explain the difference...
R..  2010-07-09 16:25:32
Thank you. I have easily created the logic that uses getuid(), and it now does what I wanted.
John Rocha  2010-07-09 16:45:01
+8  A: 

I would recommend NOT making this change, but instead improving your error message. It's doubtful that your application actually needs to "be root"; instead it needs certain privileges which root has, but which operating systems with fine-grained security controls might be able to grant to the application without giving it full root access. Even if that's not possible now, it may be possible 6 months or 2 years from now, and users are going to be irritated if your program is refusing to run based on backwards assumptions about the permission model rather than just checking that it succeeds in performing the privileged operations it needs to.

R..  2010-07-09 15:54:39
With things like AppArmor and SELinux, the reverse is true as well, the process can be running as root and not be able to access some of the things you take for granted (such as being able to write anywhere), so I agree, a more precise error message is the better option.
HalfBrian  2010-07-09 16:24:30
I hear what you are saying, but this error message is out of my hands. It comes from perror() and/or strerror(). Moreover, its not immediately clear what the fault reason is.In this case the errno returned was EPERM which perror() and strerror() translated into "Operation not permitted"When reading the man pages for pthread_setschedparam() (ACK, I just realized a typo in my error output above), it wasn't immediatelyobvious to me which errno was returned, but I eventually honed in on EPERM which has two fault reason which boiled down to "user permissions" or "invalid parameters"
John Rocha  2010-07-09 16:48:58
Although, I suppose I could add this getuid() check if the pthread_setschedparam() fails with EPERM, and if its not root give a suggestion to try again as root?Ultimately this will protect me from my QA team which will run the application as non-root, it'll fail with the message listed above and they'll log a defect saying its broken. Even if the documentation says it must be run with root privileges. I want to try and make it as clear as possible at the failure point what the problem is.
John Rocha  2010-07-09 16:51:41
When you call pthread_setschedparam, check and see if it fails with EPERM. If so, print a nice message that the user lacks permissions needed for the program to function and suggest running as root.
R..  2010-07-09 19:46:23
+5  A: 

What you really want to check for is if you have the right capability set (CAP_SYS_NICE I think is the capability you need) see man pages capabilities (7) and capget (2) this way it won't error out if you have the ability to do what you want, but you aren't root.

Spudd86  2010-07-09 16:01:25
Capabilities are very Linux-specific, so using this method will hurt the portability of your program. My favorite way to test for the ability to perform privileged operations is just to try the operation and check for errors.
R..  2010-07-09 16:25:11
@spudd86: Thanks for the tip. I will look into this.@R..: Thanks for the warning. Coincidentally enough I am writing a Linux application. Granted portability is nice. I could abstract this check so that if it is ported to another platform they can extend the check as appropriate for their platform.
John Rocha  2010-07-09 16:56:25
Well if it's just for the sake of printing friendlier output, you could just put it all inside #ifdef HAVE_CAPABILITIES or such, and thereby skip the code if it's run on other systems.
R..  2010-07-09 19:47:31
+3  A:  
#include <unistd.h> // getuid
#include <stdio.h> // printf

int main()
{
    if (getuid()) printf("%s", "You must be root!\n");
    else printf("%s", "OK, you are root.\n");
    return 0;
}
Vanni Totaro  2010-07-09 16:20:48
+1 for writing `if (getuid())` rather than `if (getuid()!=0)`. :-) If the program is supposed to work with suid though, you may want to use geteuid() rather than getuid().
R..  2010-07-09 16:24:00

related questions

Of Memory Management, Heap Corruption, and C++
How do I make a GUI?
Alpha blending sprites in Nintendo DS Homebrew
Thread safe lazy contruction of a singleton in C++
Interview Programming Questions - In house Exam
Link issues (VC6)
What are the barriers to understanding pointers and what can be done to overcome them?
Why are professors or schools picking Java over C++ to teach to students?
What is the best way to create a sparse array in C++
C/C++ library for reading MIDI signals from a USB MIDI device
How do you pack a visual studio c++ project for release?
How to set up unit testing for Visual Studio C++
How do I configure and communicate with a serial port?
Lightweight IDE for Linux
Mapping Stream data to data structures in C#
CPU throttling in C++
Asynchronous multi-direction server-client communication over the same open socket?
Exceptions in C++
Heap corruption under Win32; how to locate?
Build for Windows NT 4.0 using Visual Studio 2005?
C++: Should I use nested classes in this case?
BerkeleyDB Concurrency
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS