views:

1016

answers:

4

I want a user-privileged (not root) process to launch new processes as user "nobody". I've tried a straight call to setuid that fails with -1 EPERM on Ubuntu 8.04:

#include <sys/types.h>
#include <unistd.h>

int main() { 
       setuid(65534);
       while (1);
return 0;
}

How should I do this instead?

+1  A: 

As far as I know, you can't unless you're root or have sudo set up to allow you to switch users. Or, you can have your executable have the suid bit set up on it, and have it owned by nobody. But that requires root access too.

zigdon
+6  A: 

You will require assistance and a lot of trust from your system administrator. Ordinary users are not able to run the executable of their choice on behalf on other users, period.

She may add your application to /etc/sudoers with proper settings and you'll be able to run it as with sudo -u nobody. This will work for both scripts and binary executables.

Another option is that she will do chown nobody and chmod +s on your binary executable and you'll be able to execute it directly. This task must be repeated each time your executable changes.

This could also work for scripts if you'll create a tiny helper executable which simply does exec("/home/you/bin/your-application"). This executable can be made suid-nobody (see above) and you may freely modify your-application.

Hope it helps,

squadette
Thank you. One extra comment: it appears you also need to use seteuid() instead, as setuid is reserved for root. I administer my own Ubuntu desktop, but I appreciate the concern for those who don't.
jldugger
seteuid() also has very limited use by non-root user. Man pages on seteuid() and setreuid() have almost all of the details.
squadette
Please mark the answer as "accepted" if it is so. Thank you,
squadette
A: 

calife is an alternative to sudo.

/Allan

Allan Wind
A: 

The 'nobody' user is still a user. I'm not sure what your reasoning is in having the program run as nobody, it's not going to be adding any additional security. You're more likely to open yourself to other problems.

I'd follow squadette's recommendation of using a helper application.

Hugh Buchanan
This question was inspired by the Google Chrome browser, which uses some curious Vista technology to improve security. The principle of least privilege applies here; nobody is a user, but has little to no file write permissions.
jldugger