Reputation: 11
How can I switch user during execution using C on Linux
I'm writing an application using C on Linux. In my application, I need to do some tasks at the beginning with normal user (Non root user) while I need to do some tasks with root user in the middle of execution as well.
By the way, I cannot modify configurations of normal user. So I cannot add normal user to sudoers. I cannot modify any OS configurations as well.
What my application really do is execute applications, get their outputs for analysing.
Some applications need to be run with root. I use multi-threads to execute and analyse outputs of these applications in parallel then stores report of each application in a singleton called Report. I call these applications using execvp in sub-process.
The main purpose of my application is to automate software testing. And most task is required to run in software owner which shall not be root.
So, the problem is
- how can I switch user during execution?
- Is there anyway that I can implement this within 1 executable?
- Do this with POSIX APIs is better.
- Run my application with normal user, provide root password to my application, switch to root using root password.
Upvotes: 1
Views: 1580
Answers (1)
Reputation: 1
Read more about setuid executables and setreuid(2) and execve(2) syscalls. Be careful, you'll need to put the setuid flag on the executable with chmod u+s (see chmod(1)) after changing its ownership (with chown(1)) and code carefully to avoid security holes.
(so I recommend to have your code reviewed by someone knowing the setuid mechanism and aware of security issues)
Setuid is the basic mechanism (used by su, sudo, super, login etc...) programs to get (or revoke) privileges. See credentials(7) & capabilities(7).
It could be safer to start some helper process (as root, or start some setuid executable perhaps in /usr/libexec/ ...) and communicate with it using some inter-process communication facilities (like pipe(7)...). For example, it is not recommended to use GUI toolkits like GTK or Qt in root processes. If your app has some GUI, it is reasonable to run its GUI in a non-root (ordinary user) process and run as root the (hopefully small) helper process doing the real job requiring special privileges.
Before coding, I recommend reading a good book like Advanced Linux Programming and syscalls(2) and the documentation of every system call you would use. Security aspects are especially important.
Setuid executables don't necessarily require or use any password; it is the other way round: programs requiring passwords (notably login, su, sudo etc....) are setuid (and they are free software on Linux so you can study their source code); try ls -l /bin/su /usr/bin/sudo /bin/login to check that.
Since you want to emulate various user environments, be aware of environ(7).
Upvotes: 4
Related Questions
- Linux C programming execute as user
- Execute program from within a C program
- Execute programs out of C
- C Shell to execute commands
- How to run bash with root rights in C program?
- How do I change linux user within C code?
- context switch between two processes in linux
- how to get user of current process
- Executing C program in Linux Terminal
- executing c program using system call