LinuxQuestions.org


Stuart65 08-22-2006 08:27 AM

Starting a process under a different username?
 
Hi,

I would like to start a process from a script that runs under a specific username and does not require any user input. The process must continue running after the user that started it has logged out.

I believe I know the basics of doing this but I cannot work out how to make it non-interactive.

Here's an interactive example of what I'd like to do in a script.

su user
cd /var/....
nohup ./COMMAND &
exit

Thanks and regards,
Stuart

Agrouf 08-22-2006 09:54 AM

sudo -u bob command
man sudo

timmeke 08-22-2006 10:06 AM

Or chown the file and then put the SetUID permission bit on using chown. But the sudo solution is safer and better.
SetUID is definitely not recommended if user == root.

Stuart65 08-24-2006 03:09 AM

Thanks for the replies.

Using sudo was an option that I had explored but sudo is not installed by default as part of a SLES minimum installation and we do not want to install it if unnecessary.

I'd like to explore the SetUID option further and would like to know what the dangers (if there are any) of using this option are.

Any help would be appreciated, thanks.

timmeke 08-24-2006 05:29 AM

The SetUID bit makes an executable run as if it was called by another user, namely the user that owns the file (check with 'ls -l yourfile'). This can be a security risk, especially if the file is owned by root.
Just consider what happens if the file was compromised. Then anyone could enter some commands into it and make it run as if it was run by root - effectively getting root access to your machine.

Files with SetUID root must therefore be avoided where possible and must be put in a directory that's only writable by root. All parent directories, up to /, must be writable by root only as well.

A file with SetUID to some user that is not root is less harmful. But consider the following:
a hacker breaks into your system, looks for SetUID files, finds your application and runs it. This may break some pieces of valuable information for you and there is no way of finding out who is the culprit (i.e. who executed the program).

Enabling the SetUID bit is done via 'chmod'. See its man page for details.
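
An added example, not part of timmeke's post or of the thread: a Python check of the placement rule described above, that a SetUID file and every directory from its parent up to / are writable only by the owning user. The function names and the `owner_uid` and `top` parameters are assumptions of this example; `top` exists only so the walk can be bounded when trying it on a constructed directory tree.

```python
import os
import stat
import sys


def component_problems(path, st, owner_uid):
    """Problems that let someone other than owner_uid change this path."""
    problems = []
    if st.st_uid != owner_uid:
        problems.append(f"{path}: owned by uid {st.st_uid}, expected {owner_uid}")
    if st.st_mode & stat.S_IWGRP:
        problems.append(f"{path}: group-writable")
    if st.st_mode & stat.S_IWOTH:
        problems.append(f"{path}: world-writable")
    return problems


def audit_setuid_chain(path, owner_uid=0, top="/"):
    """Check a SetUID file and every directory from its parent up to `top`.

    owner_uid=0 matches the SetUID-root case in the post. `top` is an
    assumption of this example so the walk can be bounded on a test tree.
    Returns a list of findings; an empty list means the rule holds.
    """
    path, top = os.path.realpath(path), os.path.realpath(top)
    st = os.stat(path)
    findings = []
    if not st.st_mode & stat.S_ISUID:
        findings.append(f"{path}: SetUID bit is not set")
    findings += component_problems(path, st, owner_uid)
    current = os.path.dirname(path)
    while True:
        findings += component_problems(current, os.stat(current), owner_uid)
        parent = os.path.dirname(current)
        if current == top or parent == current:  # reached top or /
            break
        current = parent
    return findings


if __name__ == "__main__":
    # Usage: python3 audit_setuid.py /path/to/setuid-file [...]
    for target in sys.argv[1:]:
        for line in audit_setuid_chain(target) or [f"{target}: OK"]:
            print(line)
```

A sticky world-writable directory such as /tmp is still reported, since the rule in the post is about write permission, not deletion rights.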

unSpawn 08-24-2006 05:50 AM

That's a clear explanation by timmeke there for you which should lead to the natural conclusion that using Sudo should be the way to go, unless it's a service that should be started on boot, then you would use an initscript. So what app are we talking about?


Quote: "Using sudo was an option that I had explored but sudo is not installed by default as part of a SLES minimum installation and we do not want to install it if unnecessary."
Then it should be considered as necessary. Sudo helps you manage tasks that transcend regular user rights: it enhances security.

Tinkster 08-24-2006 01:26 PM

A third alternative would be to just use su ...

su - user -c "command; command; command"



Cheers,
Tink


All times are GMT -5.