LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
Search this Thread
Old 08-03-2010, 05:31 PM   #1
Eredeath
Member
 
Registered: Jul 2008
Distribution: Arch
Posts: 41
Blog Entries: 3

Rep: Reputation: 16
run script at login that requires root privileges


I have the script below that I want to run when my sister logs into her account. But the problem is that `ifconfig up` or `ifconfig down` requires root privileges. How do I initiate the program when she logs in and have root the the runner of the program. I'm running Ubuntu BTW.
Code:
#!/bin/bash

while true
do
	elevenpm=`date +%s --date "2300"`
	sevenam=`date +%s --date "0700"`
	timenow=`date +%s`
	if [[ ($timenow -gt $sevenam) && ($timenow -lt $elevenpm) ]]; then
		echo "Internet is up"
		`ifconfig eth0 up`
	else
		echo "Internet is going down"
		`ifconfig eth0 down`
	fi 
	sleep 5m

done
 
Old 08-03-2010, 06:59 PM   #2
kakaka
Member
 
Registered: Sep 2003
Posts: 382

Rep: Reputation: 86
If you simply wish to take eth0 up or down at a certain time, I would simplify things by placing those commands in a crontab.
 
Old 08-03-2010, 07:32 PM   #3
Eredeath
Member
 
Registered: Jul 2008
Distribution: Arch
Posts: 41
Blog Entries: 3

Original Poster
Rep: Reputation: 16
But I only want it to happen when my sister is logged on. If I'm on I don't want to take down eth0.
 
Old 08-03-2010, 09:46 PM   #4
kakaka
Member
 
Registered: Sep 2003
Posts: 382

Rep: Reputation: 86
OK, well if there is no issue with you *and* your sister possibly being logged on at the same time,
and if you don't expect your sister to find and exploit what you put in the script, you can configure
the sudoers file to allow her account to "sudo" to run ifconfig, or a script that runs ifconfig, or
you could have a setuid program, there are a variety of approaches.
 
Old 08-04-2010, 01:35 AM   #5
John VV
Guru
 
Registered: Aug 2005
Posts: 12,833

Rep: Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709
seeing as you want to play a prank on your sis.
do some research and LEARN something and do it your self AFTER you have learned how to do that.
 
0 members found this post helpful.
Old 08-04-2010, 11:20 AM   #6
Gortex
Member
 
Registered: Nov 2005
Location: Enid Ok
Distribution: ubuntu 64 , debian , fedora core , vista ultimate 64, Winows 7 64 ultimate :p
Posts: 219

Rep: Reputation: 30
im at work so if this is the wrong answer sorry, but if i recall correct:
set the owner of the script as root
and then use the setuid command with in the script just man setuid. Another way to go at this that is kind of a way around it is
vi sudo then add the program and your sister to the list but then you are giving her root access not just the script. could be scary.

Also I would like to point out that we don't know what the OP is actually doing maybe his sister is 12 years old and he is 30 something,
and his mother called him up to come over and limit Internet access for his younger sisters during hours she should be sleeping or something to that effect.
 
1 members found this post helpful.
Old 08-04-2010, 04:39 PM   #7
Eredeath
Member
 
Registered: Jul 2008
Distribution: Arch
Posts: 41
Blog Entries: 3

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by Gortex View Post
im at work so if this is the wrong answer sorry, but if i recall correct:
set the owner of the script as root
and then use the setuid command with in the script just man setuid. Another way to go at this that is kind of a way around it is
vi sudo then add the program and your sister to the list but then you are giving her root access not just the script. could be scary.

Also I would like to point out that we don't know what the OP is actually doing maybe his sister is 12 years old and he is 30 something,
and his mother called him up to come over and limit Internet access for his younger sisters during hours she should be sleeping or something to that effect.
Your close, I'm 24 and my sister (15) is coming to stay with me for a month and keeping with rules she normally has at home I want to set up the Internet to shut down after 11pm. Since I'm usually long asleep by then I can't just tell her to get off.
I'll look into the setuid command and post an update a little later.
 
Old 08-04-2010, 05:03 PM   #8
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
NEVER set a script suid. Binaries, yes. Scripts, NO!!!!

That said, the best solution I can think of is to put the following into the sudoers file:

Code:
sisuser ALL=(root) NOPASSWD: /sbin/ifconfig eth0 down, /sbin/ifconfig eth0 up
This can be done most easily by running:

Code:
echo 'sisuser ALL=(root) NOPASSWD: /sbin/ifconfig eth0 down, /sbin/ifconfig eth0 up' >> /etc/sudoers
You will then want to change your script to put sudo in front of the ifconfig commands.

HTH

Forrest

p.s. this line translates to your sister's account can from all systems become root to run the two commands without a password. However, you need to make sure that she can't edit the file that is launching the script to not run it.

Last edited by forrestt; 08-04-2010 at 05:09 PM.
 
Old 08-04-2010, 06:40 PM   #9
theNbomr
LQ 5k Club
 
Registered: Aug 2005
Distribution: OpenSuse, Fedora, Redhat, Debian
Posts: 5,395
Blog Entries: 2

Rep: Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903
Since your objective is to terminate the ethernet, a cron job, running as root can serve the purpose. If run periodically (say, every five minutes) during the curfew period, and only shutting down if the selected user is logged in, then turning back on after the end of the curfew period, it should do the job.

--- rod
 
Old 08-04-2010, 07:27 PM   #10
Eredeath
Member
 
Registered: Jul 2008
Distribution: Arch
Posts: 41
Blog Entries: 3

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by forrestt View Post
NEVER set a script suid. Binaries, yes. Scripts, NO!!!!

That said, the best solution I can think of is to put the following into the sudoers file:

Code:
sisuser ALL=(root) NOPASSWD: /sbin/ifconfig eth0 down, /sbin/ifconfig eth0 up
This can be done most easily by running:

Code:
echo 'sisuser ALL=(root) NOPASSWD: /sbin/ifconfig eth0 down, /sbin/ifconfig eth0 up' >> /etc/sudoers
You will then want to change your script to put sudo in front of the ifconfig commands.

HTH
I tried this... but it looks like i need to add her to the sudo group, and i'm not too keen on doing that.

Why don't I want to use setuid on scripts.
 
Old 08-04-2010, 07:52 PM   #11
Eredeath
Member
 
Registered: Jul 2008
Distribution: Arch
Posts: 41
Blog Entries: 3

Original Poster
Rep: Reputation: 16
So I found a solution on this website:
http://www.tuxation.com/setuid-on-shell-scripts.html
I created a program in c to run the script as root. Seems to work.
 
Old 08-04-2010, 07:56 PM   #12
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,094
Blog Entries: 2

Rep: Reputation: 111Reputation: 111
Couldn't you do this pretty easily in iptables with some time and user rules?

for the user stuff you can use -m owner to identify apps running as her and for the time stuff I think -m time

something like

iptables -A OUTPUT -m owner --uid-owner her_uid -m time --timestart 23:00 --timestop 07:00 -j DROP


Then you'd be able to surf without interruption but she'd be blocked during those times

Last edited by estabroo; 08-04-2010 at 07:59 PM. Reason: fixed timestart/stop
 
Old 08-04-2010, 08:24 PM   #13
Eredeath
Member
 
Registered: Jul 2008
Distribution: Arch
Posts: 41
Blog Entries: 3

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by estabroo View Post
Couldn't you do this pretty easily in iptables with some time and user rules?

for the user stuff you can use -m owner to identify apps running as her and for the time stuff I think -m time

something like

iptables -A OUTPUT -m owner --uid-owner her_uid -m time --timestart 23:00 --timestop 07:00 -j DROP


Then you'd be able to surf without interruption but she'd be blocked during those times
Thanks, I'll have to try that tomorrow. Lucky i still have a few days before she comes up.
 
Old 08-04-2010, 10:44 PM   #14
Gortex
Member
 
Registered: Nov 2005
Location: Enid Ok
Distribution: ubuntu 64 , debian , fedora core , vista ultimate 64, Winows 7 64 ultimate :p
Posts: 219

Rep: Reputation: 30
Quote:
Originally Posted by Eredeath View Post
I tried this... but it looks like i need to add her to the sudo group, and i'm not too keen on doing that.

Why don't I want to use setuid on scripts.
The reason is security issues. Scripts can do some nasty things on your box with suid of root. With that being said though if you only have two logins(yours and your sisters) and are behind a nat box ( Network address translation) with no dmz ( which 90% of the world probably is) and have no ports forwarded to your box have, basically no outside access. You are perfectly safe doing it, being that you are the one writing the script and never have to worry about someone trying to plant a Trojan. Yes I would agree with the guy above its bad form to do so, but its not like its going to give someone, instant access to your box. There are somethings I want scripts to do for my home box that i think a binary is a little over kill, pluss having to recompile from source for minor changes on somethings can suck. like having a script that Rsyncs multipliable directories ( around 100) to another server. If I had to recompile that from source every time I would go crazy. To many source files to keep up with already. At my work we use the sudoers trick as a workaround, but there are only 3 people in the list and we are all three programmers and basically the whole IT department besides our department manager which isn't in the file ironically...

Adding your sister to the sudoers file doesnt necessarily give her root access... A better way to do this is make a group then add that group to the sudoers file and set it only able to run ifconfig with out the sudo password. then the script will work fine, and in turn fixes you having now two separate scripts to do one thing. let me know and ill post an example if needed..

Last edited by Gortex; 08-04-2010 at 10:54 PM. Reason: one last thing
 
  


Reply

Tags
bash, login, scripting


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LightScribe - Printing requires root privileges. ogee Linux - Software 2 10-01-2009 03:57 PM
Can I run yum without root privileges??? jainforall Linux - Software 3 10-22-2007 12:18 AM
no prompt for root password when program requires su privileges sgmeunier Linux - Software 2 06-26-2006 01:31 AM
How to run a script as root upon login zugvogel Linux - Newbie 7 09-09-2005 11:10 AM
How to run a Script as root, after Login as User, in GDM MHOOO Red Hat 14 03-08-2005 08:41 AM


All times are GMT -5. The time now is 06:04 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration