
List:       tru64-unix-managers
Subject:    setreuid/setregid without SUID bit set.
From:       Thomas Leitner <tom () radar ! tu-graz ! ac ! at>
Date:       2003-01-10 10:44:48


Hi,

I need to have the ability to run a certain program started by root
under a different user account. I know that "su" is able to do that
but su leaves a shell hanging around which I want to avoid. So I wrote
my own "runas" program which basically does a setreuid/setregid to the
desired uid/gid and execs the required program.

Another constraint is that the "runas" program is not created with
root permissions. Now the problem I'm struggling with is that my
runas program needs to have the GUID bit set (chmod 2755) in order
to work. Here's what happens (all commands executed as root):

# ls -l runas
-rwxr-xr-x   1 optamos  users      32768 Jan 10 10:53 runas
# ./runas optamos /bin/ls
** ERROR: : Not owner
# chmod 4755 runas
# ./runas optamos /bin/ls
** ERROR: : Not owner
# chmod 2755 runas
# ./runas optamos /bin/ls
test.dat               test1.dat              test2.dat
......

Is there any way I can get this going without having to set the
"runas" program to mode 2755? I've tried to put the respective user
into the "system" group but this does not work either. Any other ways?

Thanks // Tom
-- 
--------------------------------------------------------------------------
Dr. Tom Leitner                             Dept. of Communications
                                            Graz University of Technology,
e-mail    : tom@radar.tu-graz.ac.at         Inffeldgasse 12
Phone     : +43-316-873-7455                A-8010 Graz / Austria / Europe
Fax       : +43-316-463-697
Home page : http://www.radar.tugraz.at/people/tom.html
PGP public key on : ftp://wiis.tu-graz.ac.at/pgp-keys/tom.asc or send
mail with subject "get Thomas Leitner" to pgp-public-keys@keys.pgp.net
--------------------------------------------------------------------------
    Before we have the paperless office, we have the paperless toilet!
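
The kind of launcher described in the message, as an added example that is not the poster's code or part of the original thread: a C program started by root that switches to the target user and execs the command, leaving no shell behind. It changes the groups and GID before the UID, because once the UID is no longer 0 the process cannot change its group IDs; the `drop_to` helper and the usage line are names assumed here.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* declares setgroups(), setreuid(), setregid() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Permanently switch the calling process to uid/gid (hypothetical helper).
 * Returns 0 on success, -1 with errno set on failure.
 * Order matters: groups and GID first, UID last. After the UID drop the
 * process has no privilege left to change its group IDs. */
int drop_to(uid_t uid, gid_t gid)
{
    /* Only root may replace the supplementary group list. initgroups(3)
     * would load the target user's full list instead of just gid. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setregid(gid, gid) != 0)        /* real and effective GID */
        return -1;
    if (setreuid(uid, uid) != 0)        /* real and effective UID, last */
        return -1;
    /* Verify the IDs, and that a non-root target cannot get root back. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid ||
        getegid() != gid || (uid != 0 && setuid(0) == 0)) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Assumed usage: runas <user> <program> [args...] */
int main(int argc, char **argv)
{
    if (argc < 3) {
        fprintf(stderr, "usage: %s user program [args...]\n", argv[0]);
        return 2;
    }
    struct passwd *pw = getpwnam(argv[1]);
    if (pw == NULL || drop_to(pw->pw_uid, pw->pw_gid) != 0) {
        fprintf(stderr, "%s: cannot switch to %s: %s\n", argv[0], argv[1],
                pw ? strerror(errno) : "unknown user");
        return 1;
    }
    execvp(argv[2], &argv[2]);          /* replaces this process: no shell remains */
    perror(argv[2]);
    return 127;
}
```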