Hi,
I wrote a C program (runas.c) that runs a command as a different user on Solaris 8.
The problem I'm having is that the new user's group memberships aren't going into
effect. Take the following scenario:
I log in as "kirk". I need to run some commands as "spock". kirk and spock belong
to these Unix groups:
$ groups kirk spock
kirk : human starfleet
spock : vulcan starfleet
$ ls -l /tmp/.z:
total 16
-rw-rw-r-- 1 kirk human 0 Mar 17 22:37 aa
drwxrwxr-x 2 sarek vulcan 117 Mar 17 22:38 adir
$ /bin/id
uid=5418(kirk) gid=35(starfleet)
$ runas spock /bin/id
uid=7643(spock) gid=35(starfleet)
$ runas spock /bin/touch /tmp/.z/adir/zz
touch: /tmp/.z/adir/zz cannot create
Even though my runas program becomes "spock" without any problems, the "touch"
command can't create "/tmp/.z/adir/zz" because, for some reason, the OS
still sees kirk's group memberships instead of spock's group memberships.
The following is a listing of my C program (runas.c).
What changes must I make so that the group memberships of the new user
take effect?
Thanks in advance
--Andrew
=================================================================
$ cat runas.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
#include <pwd.h>
#include <grp.h>

int main(int argc, char *argv[])
{
    struct passwd *pw;
    struct group *grp;
    char *args[argc];
    char command[60];
    int i;
    char user[20];

    /* need a user and a command, each short enough for its buffer */
    if (argc >= 3 && strlen(argv[1]) < sizeof(user)
                  && strlen(argv[2]) < sizeof(command)) {
        strcpy(user, argv[1]);
        strcpy(command, argv[2]);
    } else {
        exit(1);
    }

    if (setuid(0) != 0) {
        printf("Cannot proceed...This program doesn't have the proper permissions!\n");
        exit(2);
    }

    /* additional security checks go here... */

    pw = getpwnam(user); /* get password record for specified user. */
    if (pw == NULL) {
        printf("%s is an invalid username.\n", user);
        exit(3);
    }

    i = setreuid(pw->pw_uid, pw->pw_uid); /* become the specified user! */
    if (i != 0) {
        printf("setreuid() failed...\n");
        exit(5);
    }

    /* copy the command and its arguments into a NULL-terminated vector */
    for (i = 2; i < argc; i++) {
        args[i - 2] = (char *)malloc(strlen(argv[i]) * sizeof(char) + 1);
        if (args[i - 2] == NULL)
            exit(4);
        strcpy(args[i - 2], argv[i]);
    }
    args[argc - 2] = NULL;

    execv(command, args);
    /* only reached if execv() failed */
    printf("%s: execv() failed!!!\n\n", argv[0]);
    return 6;
} /* main() */
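
Added example, not part of the original post: the listing above calls only setreuid(), so the process keeps the caller's group ID and supplementary group list. This sketch assumes the binary is installed setuid-root as in the post; ids_match() and become_user() are hypothetical helper names. It sets groups first, then the uid, then verifies the result.

```c
#define _DEFAULT_SOURCE 1       /* glibc: declare initgroups() */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* 0 if real and effective IDs both equal uid/gid, else -1. */
int ids_match(uid_t uid, gid_t gid)
{
    return (getuid() == uid && geteuid() == uid &&
            getgid() == gid && getegid() == gid) ? 0 : -1;
}

/* Switch a root process to pw's identity. Group changes need root,
 * so they come before setuid(). Returns 0, or the failing step. */
int become_user(const struct passwd *pw)
{
    if (initgroups(pw->pw_name, pw->pw_gid) != 0) return 1; /* supplementary groups */
    if (setgid(pw->pw_gid) != 0) return 2;                  /* primary group */
    if (setuid(pw->pw_uid) != 0) return 3;                  /* user, last */
    if (ids_match(pw->pw_uid, pw->pw_gid) != 0) return 4;   /* verify result */
    if (pw->pw_uid != 0 && setuid(0) == 0) return 5;        /* root must be gone */
    return 0;
}

int main(int argc, char *argv[])
{
    struct passwd *pw;
    int step;

    if (argc < 3) {
        fprintf(stderr, "usage: %s user /path/to/command [args...]\n", argv[0]);
        return 1;
    }
    if ((pw = getpwnam(argv[1])) == NULL) {
        fprintf(stderr, "%s is an invalid username.\n", argv[1]);
        return 3;
    }
    if ((step = become_user(pw)) != 0) {
        fprintf(stderr, "privilege change failed at step %d\n", step);
        return 5;
    }
    execv(argv[2], &argv[2]);   /* argv is already NULL-terminated */
    perror("execv");
    return 6;
}
```

With this ordering, /bin/id run through the program reports the target user's own primary group and supplementary groups instead of the caller's.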