LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Java / applying elevated permissions when running a particular .jar file (https://www.linuxquestions.org/questions/linux-newbie-8/java-applying-elevated-permissions-when-running-a-particular-jar-file-874450/)

fifthfiend 04-11-2011 06:13 PM
Java / applying elevated permissions when running a particular .jar file
 
Fairly new to running a Linux server. Trying to find an answer to this problem regarding user permissions:

I have user A who owns a .jar file
I have user B. who needs to run the .jar file
I have Java which is owned by root.

I would like to work out whether/how user B can run the .jar file, in Java, with the permissions of user A.

As I understand it, a running process in Linux typically takes the permissions of the user who executes it. However, the way I'd like to configure user B, the permissions I want them to have wouldn't be sufficient for the process to successfully run.

I know you can also set a process to take the permissions of the owner of that process, but in this case the actual... executing process would be Java, which runs the .jar file, and I def. don't need this, let alone every single instance of Java on my server, to execute with root priviledges.

So like I said, basically I am trying to work out how to let user B run this specific process with the process elevated to this set of priviledges which user B otherwise does not have.

If anyone can help me out - or for that matter, otherwise point out any errors in my understanding of how Linux/Java work, I'd really appreciate it.



As far as the why of all of this: I recently started running a Minecraft server for myself and some friends and am running it via Linux. I'd like to set things up so that a friend of mine can, as needed, telnet into the server and restart Minecraft as needed, as well as a couple of other things, without giving this friend the same access rights I've given myself to the same files.

The minecraft server process runs in a screen, and I've worked out where screen can be set up so multiple users can get into it. However, if I'm running minecraft under my own user name, then that seems like it will just end up letting my friend, from his account, screen into my own account. SO the brilliant idea I had was, what if I had one user account which only existed to run the server, which both me and my friend could screen into as needed, which wouldn't have any more rights to anything than my friend has with the exception of being able to execute this one .jar in Java.

GRANTED, I could actually probably just give my friend access to everything, he's a pretty good friend I trust not to screw around with things, but part of the point of running the server is actually to make myself expand my knowledge of Linux a bit and forcing myself to work out how to do things the hard way.

As said, any help would be appreciated.

themanwhowas 04-12-2011 01:12 AM
setuid bit in file permissions allow other users to run a file with the same permissions as the owner of that file. log in as root and find the files that you need to run, maybe '/etc/minecraft/server.jar' for example. to set suid, type 'chmod u+s /etc/minecraft/server.jar'. This adds that special permission so anybody can run that file and it will be executed as root. Be careful what you set suid on though. Some things require root only access for a reason and setting suid allows anybody to run things that maybe they shouldn't.


All times are GMT -5. The time now is 07:38 PM.