ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have a GTK+ program which needs special privilege to perform certain to do few file copying.
So only users with special privilege can do it.
One option is to recommend the user to login with special privileges and then execute the program.
Other option is to build a logic inside the program to detect whether the current user is having enough privileges, if not provide a GUI interface to him to login, Just like any other administrative application (e.g. network configuration applet) works.
This is a common Unix programming issue. I would create a separate group and user account with the program's name. Disable the user account (set the password to expired, etc.,) change the restricted file ownership to program:program, set the permissions to something like 770, 660, or 440, and add the group to the appropriate real user accounts. libc should take care of the rest.
If you don't want to use the built-in UID/GID system, you'll have to come up with your own which maintains a list of users, hashed passwords, and activity permissions. That's a lot of work when Unix already comes with this functionality specifically for these purposes.
ta0kira
What I would have tried to say, but much better phrased.
This is the way to do it inside the normal *nix framework, any reason you think this won't work for you?
To ta0kira and archtoad6,
Thank for your reply..
I really did not understood much from your reply.. I am pretty new to programming and it may take a while for me to understand.
To give more info on my work, this will be distributed via CD and user is expected to run the program from CD only once. Hence it looks difficult for me to alter user groups and file permissions.
I am thinking of suggesting the user to login with special privileges i.e. as root. But debian and ubuntu are problematic, because of the sudo thing..
A number of distros don't allow graphical root login by default. So I guess that that option is totally out.
You can have a look at setuid() which will eleveate the permissions of the program to that of the owner regardless of the user that executes the program. It however needs a special bit set in the permissions 'field' and I'm not sure if that possible on a CD.
And it implies that every user that gets hold of the CD will be able to run the program with these privileges.
I don't know in what context it was said. The problem with setuid is that it elevates the privileges to those of the user who owns the file (which is usually root). Hence a setuid program can do damage, but that fully depends on what the program does. If it's properly written, I don't see problems using setuid.
As you're writing your own program, only elevate when you have to and fall back once done. I have a program that needs to configure a PCI card and requires root privileges for that. During the startup of the program, I elevate the permissions, configure the card, and go back to normal permissions. Next I don't have a need to elevate so I don't.
An example of a program that requires setuid is ping.
Code:
wim@btd-techweb01:~/tacinc/web$ ls -l /bin/ping
-rws--x--x 1 root bin 29232 2004-11-04 06:55 /bin/ping*
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.