ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have the script below that I want to run when my sister logs into her account. But the problem is that `ifconfig up` or `ifconfig down` requires root privileges. How do I initiate the program when she logs in and have root the the runner of the program. I'm running Ubuntu BTW.
Code:
#!/bin/bash
while true
do
elevenpm=`date +%s --date "2300"`
sevenam=`date +%s --date "0700"`
timenow=`date +%s`
if [[ ($timenow -gt $sevenam) && ($timenow -lt $elevenpm) ]]; then
echo "Internet is up"
`ifconfig eth0 up`
else
echo "Internet is going down"
`ifconfig eth0 down`
fi
sleep 5m
done
OK, well if there is no issue with you *and* your sister possibly being logged on at the same time,
and if you don't expect your sister to find and exploit what you put in the script, you can configure
the sudoers file to allow her account to "sudo" to run ifconfig, or a script that runs ifconfig, or
you could have a setuid program, there are a variety of approaches.
im at work so if this is the wrong answer sorry, but if i recall correct:
set the owner of the script as root
and then use the setuid command with in the script just man setuid. Another way to go at this that is kind of a way around it is
vi sudo then add the program and your sister to the list but then you are giving her root access not just the script. could be scary.
Also I would like to point out that we don't know what the OP is actually doing maybe his sister is 12 years old and he is 30 something,
and his mother called him up to come over and limit Internet access for his younger sisters during hours she should be sleeping or something to that effect.
im at work so if this is the wrong answer sorry, but if i recall correct:
set the owner of the script as root
and then use the setuid command with in the script just man setuid. Another way to go at this that is kind of a way around it is
vi sudo then add the program and your sister to the list but then you are giving her root access not just the script. could be scary.
Also I would like to point out that we don't know what the OP is actually doing maybe his sister is 12 years old and he is 30 something,
and his mother called him up to come over and limit Internet access for his younger sisters during hours she should be sleeping or something to that effect.
Your close, I'm 24 and my sister (15) is coming to stay with me for a month and keeping with rules she normally has at home I want to set up the Internet to shut down after 11pm. Since I'm usually long asleep by then I can't just tell her to get off.
I'll look into the setuid command and post an update a little later.
You will then want to change your script to put sudo in front of the ifconfig commands.
HTH
Forrest
p.s. this line translates to your sister's account can from all systems become root to run the two commands without a password. However, you need to make sure that she can't edit the file that is launching the script to not run it.
Since your objective is to terminate the ethernet, a cron job, running as root can serve the purpose. If run periodically (say, every five minutes) during the curfew period, and only shutting down if the selected user is logged in, then turning back on after the end of the curfew period, it should do the job.
I tried this... but it looks like i need to add her to the sudo group, and i'm not too keen on doing that.
Why don't I want to use setuid on scripts.
The reason is security issues. Scripts can do some nasty things on your box with suid of root. With that being said though if you only have two logins(yours and your sisters) and are behind a nat box ( Network address translation) with no dmz ( which 90% of the world probably is) and have no ports forwarded to your box have, basically no outside access. You are perfectly safe doing it, being that you are the one writing the script and never have to worry about someone trying to plant a Trojan. Yes I would agree with the guy above its bad form to do so, but its not like its going to give someone, instant access to your box. There are somethings I want scripts to do for my home box that i think a binary is a little over kill, pluss having to recompile from source for minor changes on somethings can suck. like having a script that Rsyncs multipliable directories ( around 100) to another server. If I had to recompile that from source every time I would go crazy. To many source files to keep up with already. At my work we use the sudoers trick as a workaround, but there are only 3 people in the list and we are all three programmers and basically the whole IT department besides our department manager which isn't in the file ironically...
Adding your sister to the sudoers file doesnt necessarily give her root access... A better way to do this is make a group then add that group to the sudoers file and set it only able to run ifconfig with out the sudo password. then the script will work fine, and in turn fixes you having now two separate scripts to do one thing. let me know and ill post an example if needed..
Last edited by Gortex; 08-04-2010 at 10:54 PM.
Reason: one last thing
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.