Hi,

I have a GTK+ program which needs special privilege to perform certain to do few file copying.

So only users with special privilege can do it.

One option is to recommend the user to login with special privileges and then execute the program.

Other option is to build a logic inside the program to detect whether the current user is having enough privileges, if not provide a GUI interface to him to login, Just like any other administrative application (e.g. network configuration applet) works.

Please tell me how to do this in a program.

thank you
Keshav

This is a common Unix programming issue. I would create a separate group and user account with the program's name. Disable the user account (set the password to expired, etc.,) change the restricted file ownership to program:program, set the permissions to something like 770, 660, or 440, and add the group to the appropriate real user accounts. libc should take care of the rest.

If you don't want to use the built-in UID/GID system, you'll have to come up with your own which maintains a list of users, hashed passwords, and activity permissions. That's a lot of work when Unix already comes with this functionality specifically for these purposes.
ta0kira

What I would have tried to say, but much better phrased.

This is the way to do it inside the normal *nix framework, any reason you think this won't work for you?

To ta0kira and archtoad6,

Thank for your reply..

I really did not understood much from your reply.. I am pretty new to programming and it may take a while for me to understand.

To give more info on my work, this will be distributed via CD and user is expected to run the program from CD only once. Hence it looks difficult for me to alter user groups and file permissions.

I am thinking of suggesting the user to login with special privileges i.e. as root. But debian and ubuntu are problematic, because of the sudo thing..

Thank you
Keshav

A number of distros don't allow graphical root login by default. So I guess that that option is totally out.

You can have a look at setuid() which will eleveate the permissions of the program to that of the owner regardless of the user that executes the program. It however needs a special bit set in the permissions 'field' and I'm not sure if that possible on a CD.
And it implies that every user that gets hold of the CD will be able to run the program with these privileges.

Wouldn't the suggested permissions & file ownership be associated w/ the program file on the CD?

BTW, man chown & man chmod might get you started.

I will try out the new suggestions you have give and setuid() and comeback..

thank you
Keshav

What happened?

Hi,

I was caught up with some busy work. so couldn't take up this.

Meantime, I read some online documents saying that, usage of setuid() is not safe?? Any thoughts on this?

-Keshav

I don't know in what context it was said. The problem with setuid is that it elevates the privileges to those of the user who owns the file (which is usually root). Hence a setuid program can do damage, but that fully depends on what the program does. If it's properly written, I don't see problems using setuid.

As you're writing your own program, only elevate when you have to and fall back once done. I have a program that needs to configure a PCI card and requires root privileges for that. During the startup of the program, I elevate the permissions, configure the card, and go back to normal permissions. Next I don't have a need to elevate so I don't.

An example of a program that requires setuid is ping.