LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-05-2006, 12:45 AM   #1
Akhran
Member
 
Registered: Aug 2005
Distribution: Debian 'lenny'
Posts: 208

Rep: Reputation: 30
Is there a 'Run As' (aka Windows) option in Linux?


In Windows, we can choose to run a program as another user different from the login account (right click on the program icon and choose run as).

In Linux, is that possible too? If I have a script that is owned by john, how do I configure the script to auto run upon each bootup with user account 'peter'?

Thanks !
 
Old 02-05-2006, 01:07 AM   #2
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,284

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Use the su command, see "man su" for more details.
 
Old 02-05-2006, 01:29 AM   #3
Akhran
Member
 
Registered: Aug 2005
Distribution: Debian 'lenny'
Posts: 208

Original Poster
Rep: Reputation: 30
Thanks, that can be invoked once I'm at the commandline. How about those scripts that are run at bootup?. Eg. /etc/rc2.d/S10myscript will run at sequence number 10 when the system boot into runlevel 2. How do I use the su command to enable 'myscript' to run as another user besides the owner of 'myscript' when entering runlevel 2?

Thanks again

Quote:
Originally Posted by btmiller
Use the su command, see "man su" for more details.
 
Old 02-05-2006, 06:01 AM   #4
Dtsazza
Member
 
Registered: Oct 2005
Location: Oxford, UK
Distribution: Debian Etch (w/ dual-boot XP for gaming)
Posts: 282

Rep: Reputation: 30
If you always want a script to be run as a certain user, you can use the SUID bit... I'm not sure how familiar you are with the concept of permissions in Linux, but this is an advanced part of that.

OK, so each file has a user and a group that owns it, and a set of permissions that say what its owner; people in the owning group; and anyone else can do to it (read, write and/or execute). If you do ls -l on a file, you'll see this information on the left as something like:
Code:
-rwxr-xr-x  1 adoyle users  187 2005-07-06 15:48 pentax
Firstly, note that 'adoyle' owns this file and that it belongs to the groups 'users'. The permissions are represented on the left, and you can think of them as three groups of three - 'rwx' for the owner, 'r-x' for the group and 'r-x' for "world". Basically, the owner (adoyle) can read, write and execute (run) this file, while others can only read and execute.

OK, so that's your basic permission to execute. But what if there was some resource that only adoyle had permission to, that the file needed to run? And further, you didn't just want to give access to it willy-nilly except through the script (let's drop the idea of adoyle here and think more about root, and all the priviledged things it can do)? You can set a special permission so that anyone executing the file with that permission, runs it as the file's owner. If this is done, the file shouldn't be writable by anyone other than the owner (for hopefully obvious reasons).

To set this bit, just issue the command
Code:
chmod +s <filename>
and from that point on anyone executing that file will do so as if they were both the owner and a member of the owning group.



Of course, this is a permanent association with the file itself, and may not be what you wanted. If you're just looking to quickly and temporarily run the file as another user (in a windows way), I think both KDE and GNOME have a "run as other user" option on their right-click menu (it's been a while since I've used either, so I'm not sure of either the name or the details of where it appears, but it's there. I think KDE's is something like kdesu).

HTH,
Andrzej
 
Old 02-05-2006, 08:10 AM   #5
Akhran
Member
 
Registered: Aug 2005
Distribution: Debian 'lenny'
Posts: 208

Original Poster
Rep: Reputation: 30
Suppose I have another user 'john' and he is in the 'users' group, how do I get the script 'pentax' to run as 'john' (instead of adoyle) as the system enters the default runlevel (during boot up)?

I guess the manual way would be to login into the console, stop the script, su as john and restart the script, but that would be abit tedious if one has to do this each time the system boot up.

PS. Running without a GUI.

Thanks for the help

Quote:
Originally Posted by Dtsazza
If you always want a script to be run as a certain user, you can use the SUID bit... I'm not sure how familiar you are with the concept of permissions in Linux, but this is an advanced part of that.

OK, so each file has a user and a group that owns it, and a set of permissions that say what its owner; people in the owning group; and anyone else can do to it (read, write and/or execute). If you do ls -l on a file, you'll see this information on the left as something like:
Code:
-rwxr-xr-x  1 adoyle users  187 2005-07-06 15:48 pentax
Firstly, note that 'adoyle' owns this file and that it belongs to the groups 'users'. The permissions are represented on the left, and you can think of them as three groups of three - 'rwx' for the owner, 'r-x' for the group and 'r-x' for "world". Basically, the owner (adoyle) can read, write and execute (run) this file, while others can only read and execute.

OK, so that's your basic permission to execute. But what if there was some resource that only adoyle had permission to, that the file needed to run? And further, you didn't just want to give access to it willy-nilly except through the script (let's drop the idea of adoyle here and think more about root, and all the priviledged things it can do)? You can set a special permission so that anyone executing the file with that permission, runs it as the file's owner. If this is done, the file shouldn't be writable by anyone other than the owner (for hopefully obvious reasons).

To set this bit, just issue the command
Code:
chmod +s <filename>
and from that point on anyone executing that file will do so as if they were both the owner and a member of the owning group.



Of course, this is a permanent association with the file itself, and may not be what you wanted. If you're just looking to quickly and temporarily run the file as another user (in a windows way), I think both KDE and GNOME have a "run as other user" option on their right-click menu (it's been a while since I've used either, so I'm not sure of either the name or the details of where it appears, but it's there. I think KDE's is something like kdesu).

HTH,
Andrzej
 
Old 02-05-2006, 10:23 AM   #6
Netizen
Member
 
Registered: Sep 2003
Location: Texas
Distribution: Slackware and Ubuntu
Posts: 355

Rep: Reputation: 30
Quote:
Originally Posted by Akhran
Suppose I have another user 'john' and he is in the 'users' group, how do I get the script 'pentax' to run as 'john' (instead of adoyle) as the system enters the default runlevel (during boot up)?
I'm not an expert by any means, but based on what dtsazza told you. If "john" is the owner of the script "pentax" than just set the suid bit. If "john" isn't the owner, then perhaps you could change the owner of the script "pentax" to "john" then set the suid bit?

also, if you just wanted to run the script from the console you could use
Code:
$ su john -c path_to_pentax
basically the -c option tells su to run the command then return to your shell not "john's" shell.

Last edited by Netizen; 02-05-2006 at 10:27 AM.
 
Old 02-05-2006, 01:01 PM   #7
Akhran
Member
 
Registered: Aug 2005
Distribution: Debian 'lenny'
Posts: 208

Original Poster
Rep: Reputation: 30
Is it the same with daemon too?

Code:
ls -l /sbin/klogd
-rwxr-xr-x 1 root root 22220 2005-09-24 04:08 /sbin/klogd
It is owned by root and root group, but when I do a 'ps aux', I see the daemon as running by a user called 'klog'. How was it configured such that the daemon is run by a user other than the owner or by a specific user ('klog' in this case')?

Thanks !


Quote:
Originally Posted by Netizen
I'm not an expert by any means, but based on what dtsazza told you. If "john" is the owner of the script "pentax" than just set the suid bit. If "john" isn't the owner, then perhaps you could change the owner of the script "pentax" to "john" then set the suid bit?

also, if you just wanted to run the script from the console you could use
Code:
$ su john -c path_to_pentax
basically the -c option tells su to run the command then return to your shell not "john's" shell.
 
Old 02-06-2006, 11:47 AM   #8
Dtsazza
Member
 
Registered: Oct 2005
Location: Oxford, UK
Distribution: Debian Etch (w/ dual-boot XP for gaming)
Posts: 282

Rep: Reputation: 30
Quote:
Originally Posted by Akhran
How was it configured such that the daemon is run by a user other than the owner or by a specific user ('klog' in this case')?
I had trouble understanding what your question was at first, but after thinking about it, it's very likely that 'klog' is in fact a user. Linux (and some applications when they're installed) create several users in order to fine tune ownerships and permissions. If you:
Code:
cut /etc/passwd -d : -f 1
you can see all the users on your system. You might be confused as to why you don't see their names at the graphical login screen. This is quite simply because all users have a corresponding number (called the UID), and your login manager is configured by default to ignore all users below a certain UID (500 or 1000 is common), and the kernel generates all these non-human users with low UIDs so they won't appear as 'real' ones.

So once you realise that 'klog' really is a user (even if not a person), you can see from the permissions on that file that everyone has normal execute permissions. Thus any user can run klogd (though I'd imagine the program would fall over halfway through if you did it as your normal logon). In terms of how Linux started it as klog instead of as your user, it's more or less just using 'su' to change users. (I'm not completely sure of the details of this, but I don't think that matters so much).

And FYI if you didn't know, klogd is the Kernel LOG Daemon.
 
Old 02-06-2006, 01:52 PM   #9
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD
Posts: 2,131

Rep: Reputation: 333Reputation: 333Reputation: 333Reputation: 333
Quote:
Originally Posted by Akhran
Eg. /etc/rc2.d/S10myscript will run at sequence number 10 when the system boot into runlevel 2. How do I use the su command to enable 'myscript' to run as another user besides the owner of 'myscript' when entering runlevel 2?
You can do this if you really want to, but consider it bordering on dangerous. See explanation below.

The trick is to have S10myscript be nothing more than a wrapper for a different script. S10myscript will be run as root, and it's contents need to be something along the lines of:
Code:
su peter -c /path/to/the/real/script/owned/by/john "$@"
This will run the john-owned script as userid peter.

WARNING! This implies that root trusts john not to screw with peter!

It is not implicitly bad for root to run a script as a different userid. This is done all the time. However, that script should usually be owned by root and not writeable by others unless there is some compelling reason that overrides the security concerns.

WARNING WARNING WARNING! If you ever have root run a script owned and writeable by somebody else, AS USERID ROOT, you've wiped out any semblance of security your system ever had!!!
 
Old 02-07-2006, 06:06 AM   #10
mjjzf
Member
 
Registered: Feb 2004
Location: Valby, Denmark / Citizen of the Web
Distribution: Slackware 14.1
Posts: 879

Rep: Reputation: 39
I still think a group structure with sudo rights would be more sensible. Doing user_alpha work with user_beta is very, very, very, very, very, very bad policy.
You would want to consider creating a system_log_user group or whatever and then giving sudo execute rights of the program, script or daemon to this group.
 
Old 02-10-2006, 10:09 PM   #11
Akhran
Member
 
Registered: Aug 2005
Distribution: Debian 'lenny'
Posts: 208

Original Poster
Rep: Reputation: 30
Thanks for all the replies, I have learnt much
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
'run as' from rc.5 startup script davee Linux - General 2 03-10-2005 03:36 AM
the option in linux similar to control panel in windows sailaja Linux - Software 5 12-01-2004 01:04 PM
Kernel Panic...aKa What boot option do I use?! Diademed Linux - Newbie 10 09-17-2004 12:59 AM
Can "minimize all windows" aka <windows>-m be emulated in Fedora Linux? jdruin Linux - Software 4 04-19-2004 09:19 PM
Dual Boot option with Linux and Windows XP kuyalfinator General 11 01-16-2004 02:24 AM


All times are GMT -5. The time now is 07:53 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration