Is there a 'Run As' (aka Windows) option in Linux?
In Windows, we can choose to run a program as another user different from the login account (right click on the program icon and choose run as).
In Linux, is that possible too? If I have a script that is owned by john, how do I configure the script to auto run upon each bootup with user account 'peter'? Thanks ! |
Use the su command, see "man su" for more details.
|
Thanks, that can be invoked once I'm at the commandline. How about those scripts that are run at bootup?. Eg. /etc/rc2.d/S10myscript will run at sequence number 10 when the system boot into runlevel 2. How do I use the su command to enable 'myscript' to run as another user besides the owner of 'myscript' when entering runlevel 2?
Thanks again :) Quote:
|
If you always want a script to be run as a certain user, you can use the SUID bit... I'm not sure how familiar you are with the concept of permissions in Linux, but this is an advanced part of that.
OK, so each file has a user and a group that owns it, and a set of permissions that say what its owner; people in the owning group; and anyone else can do to it (read, write and/or execute). If you do ls -l on a file, you'll see this information on the left as something like: Code:
-rwxr-xr-x 1 adoyle users 187 2005-07-06 15:48 pentax OK, so that's your basic permission to execute. But what if there was some resource that only adoyle had permission to, that the file needed to run? And further, you didn't just want to give access to it willy-nilly except through the script (let's drop the idea of adoyle here and think more about root, and all the priviledged things it can do)? You can set a special permission so that anyone executing the file with that permission, runs it as the file's owner. If this is done, the file shouldn't be writable by anyone other than the owner (for hopefully obvious reasons). To set this bit, just issue the command Code:
chmod +s <filename> Of course, this is a permanent association with the file itself, and may not be what you wanted. If you're just looking to quickly and temporarily run the file as another user (in a windows way), I think both KDE and GNOME have a "run as other user" option on their right-click menu (it's been a while since I've used either, so I'm not sure of either the name or the details of where it appears, but it's there. I think KDE's is something like kdesu). HTH, Andrzej |
Suppose I have another user 'john' and he is in the 'users' group, how do I get the script 'pentax' to run as 'john' (instead of adoyle) as the system enters the default runlevel (during boot up)?
I guess the manual way would be to login into the console, stop the script, su as john and restart the script, but that would be abit tedious if one has to do this each time the system boot up. PS. Running without a GUI. Thanks for the help :) Quote:
|
Quote:
also, if you just wanted to run the script from the console you could use Code:
$ su john -c path_to_pentax |
Is it the same with daemon too?
Code:
ls -l /sbin/klogd Thanks ! Quote:
|
Quote:
Code:
cut /etc/passwd -d : -f 1 So once you realise that 'klog' really is a user (even if not a person), you can see from the permissions on that file that everyone has normal execute permissions. Thus any user can run klogd (though I'd imagine the program would fall over halfway through if you did it as your normal logon). In terms of how Linux started it as klog instead of as your user, it's more or less just using 'su' to change users. (I'm not completely sure of the details of this, but I don't think that matters so much). And FYI if you didn't know, klogd is the Kernel LOG Daemon. :) |
Quote:
The trick is to have S10myscript be nothing more than a wrapper for a different script. S10myscript will be run as root, and it's contents need to be something along the lines of: Code:
su peter -c /path/to/the/real/script/owned/by/john "$@" WARNING! This implies that root trusts john not to screw with peter! It is not implicitly bad for root to run a script as a different userid. This is done all the time. However, that script should usually be owned by root and not writeable by others unless there is some compelling reason that overrides the security concerns. WARNING WARNING WARNING! If you ever have root run a script owned and writeable by somebody else, AS USERID ROOT, you've wiped out any semblance of security your system ever had!!! |
I still think a group structure with sudo rights would be more sensible. Doing user_alpha work with user_beta is very, very, very, very, very, very bad policy.
You would want to consider creating a system_log_user group or whatever and then giving sudo execute rights of the program, script or daemon to this group. |
Thanks for all the replies, I have learnt much :)
|
All times are GMT -5. The time now is 07:30 AM. |