From tru64-unix-managers Fri Jan 10 10:44:48 2003
From: Thomas Leitner
Date: Fri, 10 Jan 2003 10:44:48 +0000
To: tru64-unix-managers
Subject: setreuid/setregid without SUID bit set.
X-MARC-Message: https://marc.info/?l=tru64-unix-managers&m=104219552131780

Hi,

I need to have the ability to run a certain program started by root under a
different user account. I know that "su" is able to do that, but su leaves a
shell hanging around, which I want to avoid. So I wrote my own "runas" program
which basically does a setreuid/setregid to the desired uid/gid and execs the
required program. Another constraint is that the "runas" program is not
created with root permissions.

Now the problem I'm struggling with is that my runas program needs to have
the GUID bit set (chmod 2755) in order to work. Here's what happens (all
commands executed as root):

# ls -l runas
-rwxr-xr-x 1 optamos users 32768 Jan 10 10:53 runas
# ./runas optamos /bin/ls
** ERROR: : Not owner
# chmod 4755 runas
# ./runas optamos /bin/ls
** ERROR: : Not owner
# chmod 2755 runas
# ./runas optamos /bin/ls
test.dat test1.dat test2.dat ......

Is there any way I can get this going without having to set the "runas"
program to mode 2755? I've tried to put the respective user into the "system"
group but this does not work either. Any other ways?

Thanks // Tom

--
--------------------------------------------------------------------------
Dr. Tom Leitner                      Dept. of Communications
                                     Graz University of Technology,
e-mail    : tom@radar.tu-graz.ac.at  Inffeldgasse 12
Phone     : +43-316-873-7455         A-8010 Graz / Austria / Europe
Fax       : +43-316-463-697
Home page : http://www.radar.tugraz.at/people/tom.html
PGP public key on : ftp://wiis.tu-graz.ac.at/pgp-keys/tom.asc
or send mail with subject "get Thomas Leitner" to pgp-public-keys@keys.pgp.net
--------------------------------------------------------------------------
Before we have the paperless office, we have the paperless toilet!
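
A root-started "runas" of the kind described in the message above, written as an added example (not the poster's code and not part of the original message), showing the group-then-user order for a permanent identity change with the result verified before exec. The helper name drop_to, the use of setgroups() and the usage string are assumptions of this example; it assumes the caller is root and the binary has no set-id bits, and it was not tested on Tru64.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Permanently switch the process to uid/gid; 0 on success, -1 with errno set. */
int drop_to(uid_t uid, gid_t gid)
{
    /* Group identity first: once the uid is no longer 0, a process may not
     * move to a gid it does not already hold, and the call fails with EPERM. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0) /* drop root's extra groups */
        return -1;
    if (setregid(gid, gid) != 0)
        return -1;
    if (setreuid(uid, uid) != 0)
        return -1;
    /* Check the result rather than trusting the return codes alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    /* For a non-root target, getting root back must now be impossible. */
    if (uid != 0 && setreuid(0, 0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* usage: runas <user> <absolute-path> [args...]   (run as root, mode 0755) */
int main(int argc, char **argv)
{
    struct passwd *pw;
    if (argc < 3 || (pw = getpwnam(argv[1])) == NULL) {
        fprintf(stderr, "usage: %s user /path/to/program [args...]\n", argv[0]);
        return 2;
    }
    if (drop_to(pw->pw_uid, pw->pw_gid) != 0) {
        fprintf(stderr, "%s: cannot become %s: %s\n", argv[0], argv[1], strerror(errno));
        return 1;
    }
    execv(argv[2], &argv[2]);       /* replaces this process: no shell stays behind */
    fprintf(stderr, "%s: exec %s: %s\n", argv[0], argv[2], strerror(errno));
    return 127;
}
```

The target user's supplementary groups are not loaded here; a program that needs them can call initgroups() with the user name in place of setgroups(), still before the uid change.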