From tru64-unix-managers Fri Jan 10 11:19:11 2003
From: Thomas Leitner
Date: Fri, 10 Jan 2003 11:19:11 +0000
To: tru64-unix-managers
Subject: SUMMARY: setreuid/setregid without SUID bit set.
X-MARC-Message: https://marc.info/?l=tru64-unix-managers&m=104219760501786

This list is great as always!! Fast and accurate replies!

Terry hit the nail on the head: In my "runas" program I need to first set the GID and then set the UID. I had it the other way around! Thanks Terry. Below's his reply.

Thanks also to Wakeman, Lindsay who suggested to use the sudo package.

Tom

-------------------------------- Replies ----------------------

From: tsh@mrc-lmb.cam.ac.uk
To: Thomas Leitner
Subject: Re: setreuid/setregid without SUID bit set.

Which order do you do the setreuid/setregid? If you set the uid to something without root priv, you won't then be able to set the gid. Make sure you set the gid first.

Cheers,
Terry.

-----------------

From: "Wakeman, Lindsay"
To: 'Thomas Leitner'
Subject: RE: setreuid/setregid without SUID bit set.

Tom

If I understand what you are trying to do aright, then the 'sudo' command will do it all - available at www.courtesan.com/sudo/

Lindsay

Lindsay Wakeman
UNIX Systems Manager, Systems Delivery London
The British Library
lindsay.wakeman@bl.uk

-----Original Message-----
From: Thomas Leitner [mailto:tom@radar.tu-graz.ac.at]
Sent: 10 January 2003 10:45
To: TRU64 Unix Managers
Subject: setreuid/setregid without SUID bit set.

Hi,

I need to have the ability to run a certain program started by root under a different user account. I know that "su" is able to do that but su leaves a shell hanging around which I want to avoid. So I wrote my own "runas" program which basically does a setreuid/setregid to the desired uid/gid and execs the required program. Another constraint is that the "runas" program is not created with root permissions.

Now the problem I'm struggling with is, that my runas program needs to have the GUID bit set (chmod 2755) in order to work.
Here's what happens (all commands executed as root):

    # ls -l runas
    -rwxr-xr-x 1 optamos users 32768 Jan 10 10:53 runas
    # ./runas optamos /bin/ls
    ** ERROR: : Not owner
    # chmod 4755 runas
    # ./runas optamos /bin/ls
    ** ERROR: : Not owner
    # chmod 2755 runas
    # ./runas optamos /bin/ls
    test.dat test1.dat test2.dat ......

Is there any way I can get this going without having to set the "runas" program to mode 2755 ? I've tried to put the respective user into the "system" group but this does not work either. Any other ways?

Thanks
// Tom

--
--------------------------------------------------------------------------
Dr. Tom Leitner
Dept. of Communications
Graz University of Technology,   e-mail : tom@radar.tu-graz.ac.at
Inffeldgasse 12                  Phone  : +43-316-873-7455
A-8010 Graz / Austria / Europe   Fax    : +43-316-463-697
Home page : http://www.radar.tugraz.at/people/tom.html
PGP public key on : ftp://wiis.tu-graz.ac.at/pgp-keys/tom.asc
or send mail with subject "get Thomas Leitner" to pgp-public-keys@keys.pgp.net
--------------------------------------------------------------------------
Before we have the paperless office, we have the paperless toilet!
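
The ordering Terry describes (GID first, UID last), as an added example in C that is not part of the original thread and is not Tom's actual "runas" source. The function names are hypothetical, and the setgroups() call and the final ID check are additions the thread does not mention.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 when the real and effective IDs both equal uid/gid. */
int ids_match(uid_t uid, gid_t gid)
{
    return getuid() == uid && geteuid() == uid &&
           getgid() == gid && getegid() == gid;
}

/* Drop to uid/gid. Group changes need root, so the UID must change last. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Addition: shed root's supplementary groups while still privileged. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setregid(gid, gid) != 0)   /* GID first: still running as root */
        return -1;
    if (setreuid(uid, uid) != 0)   /* UID last: privilege is gone after this */
        return -1;
    return ids_match(uid, gid) ? 0 : -1;   /* verify, do not assume */
}

int main(int argc, char **argv)
{
    if (argc < 3) {
        fprintf(stderr, "usage: %s user program [args...]\n", argv[0]);
        return 2;
    }
    struct passwd *pw = getpwnam(argv[1]);
    if (pw == NULL) {
        fprintf(stderr, "unknown user: %s\n", argv[1]);
        return 1;
    }
    if (drop_privileges(pw->pw_uid, pw->pw_gid) != 0) {
        fprintf(stderr, "could not drop privileges, refusing to exec\n");
        return 1;
    }
    execvp(argv[2], &argv[2]);     /* only returns on failure */
    perror("execvp");
    return 127;
}
```

Started by root, this needs no set-UID or set-GID bit on the binary; swapping the setregid() and setreuid() calls reproduces the "Not owner" failure from the original question.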