tags:

views:

106

answers:

3
+2  Q: 

Programmatically requesting elevated rights in Linux

(This question has identical title, but question body asks it in scripting point of view, e.g. su -c, don't dupe this to that)

I have a Qt GUI app that needs to perform some file operations in /etc based on user input. One option would probably to use system() with sudo, but even that requires messing with sudoers file in some point. I also would like not to do system() plus script hacks to modify the files, but proper file operations.

What is the best way to programmatically elevate my applications rights to do this?

Edit: as a bonus, it'd be nice if it would work on Maemo/Meego/other handhelds too (afaik PolicyKit isn't available there..)

+4  A: 

You could use PolicyKit, which is gradually superseding gksu/su/sudo, especially on Ubuntu, for its higher security and fine-grained control because of elevating actions, not the whole program.

Delan Azabani  2010-09-16 12:07:29
PolicyKit looks excessively overcomplicated for such minor operation. Can you provide me an simple example (if such exists) how to achieve extra rights to modify a single file in /etc?
Tuminoid  2010-09-16 12:14:59
+4  A: 

I would write a separate program altogether. Something along the lines of this philosophy. Basically - write a simple program that does exactly what you need, and control its behaviour with file permissions on the filesystem. Mainly,

Do as little as possible in setuid programs.

A setuid program must operate in a very dangerous environment: a user is under complete control of its fds, args, environ, cwd, tty, rlimits, timers, signals, and more. Even worse, the list of controlled items varies from one vendor's UNIX to the next, so it is very difficult to write portable code that cleans up everything.

Of the twenty most recent sendmail security holes, eleven worked only because the entire sendmail system is setuid.

Only one qmail program is setuid: qmail-queue. Its only purpose is to add a new mail message to the outgoing queue.

And,

Do as little as possible as root.

The entire sendmail system runs as root, so there's no way that its mistakes can be caught by the operating system's built-in protections. In contrast, only two qmail programs, qmail-start and qmail-lspawn, run as root.

lorenzog  2010-09-16 12:27:30
+1  A: 

Create a helper setuid program that does only the things you want to do, and fork / exec your application from it. Then drop privileges in the child process. Both applications could communicate over pipes, sockets, or something like that.

Have in mind that setuid programs are a security risk and so you should be very careful when implementing one.

gpeche  2010-09-16 13:08:55

related questions

grep a file, but show several surrounding lines?
VMWare Server Under Linux Secondary NIC connection
Should I move from C++ to Python? ... Or another language?
Globus Toolkit virtual machine
How to avoid redefining VERSION, PACKAGE, etc.
How do I setup Public-Key Authentication?
showing a message box from a bash script in linux
Best Linux Distro for Computer Repair
Mapping my custom keys in Debian
Any IcedTea war stories?
How do you find the age of a long-running Linux process?
Personal Linux web server
Programmatically talking to a Serial Port in OS X or Linux
what's in your .bashrc ?
Linux - files and scripts that execute on boot
Text Editor For Linux (Besides Vi)?
Lightweight IDE for Linux
Shell scripting input redirection oddities
XML Editing/Viewing Software
What should a longtime Windows user know when starting to use Linux?
Gtk SSH client for Linux?
Getting root permissions on a file inside of vi?
Is it possible to drag windows between workspaces when using Compiz?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?