• Jesse Phillips <Jesse.K.Phillips gmail.com> Oct 01 2007
• BCS <BCS pathlink.com> Oct 01 2007
• Jesse Phillips <Jesse.K.Phillips gmail.com> Oct 01 2007
• BCS <BCS pathlink.com> Oct 01 2007
• Regan Heath <regan netmail.co.nz> Oct 02 2007
• Nathan Reed <nathaniel.reed gmail.com> Oct 01 2007
• BCS <ao pathlink.com> Oct 01 2007

Jesse Phillips <Jesse.K.Phillips gmail.com> writes:

As a Linux programmer it can be important to have a program run with 
superuser privileges. I am trying to figure out the best way to either 
become a super user by asking for a password, or simply checking if it is 
run as a superuser.

I have been looking at how to do this in C and found information on suser
() which seems to be for FreeBSD.
http://www.gsp.com/cgi-bin/man.cgi?section=9&topic=suser

I was also reading some stuff on secure programming which said not to use 
system() because it invokes the shell, that's fine but is it really a 
problem?
http://www.onlamp.com/pub/a/onlamp/excerpt/PUIS3_chap16/index1.html

Any good links or search queries would be great.

Thanks,
Jesse Phillips

BCS <BCS pathlink.com> writes:

Jesse Phillips wrote:
 As a Linux programmer it can be important to have a program run with 
 superuser privileges. I am trying to figure out the best way to either 
 become a super user by asking for a password, or simply checking if it is 
 run as a superuser.
 
 I have been looking at how to do this in C and found information on suser
 () which seems to be for FreeBSD.
 http://www.gsp.com/cgi-bin/man.cgi?section=9&topic=suser
 
 I was also reading some stuff on secure programming which said not to use 
 system() because it invokes the shell, that's fine but is it really a 
 problem?
 http://www.onlamp.com/pub/a/onlamp/excerpt/PUIS3_chap16/index1.html
 
 Any good links or search queries would be great.
 
 Thanks,
 Jesse Phillips



Are you looking for D specific stuff? Under Unix I would expect that 
superuser related stuff will be the same as under C. As such I expect 
that this NG wouldn't have any specific expertices in that. You might 
get lucky and find someone who knowns (these guys have quite a range of 
knowledge) but here is not the first place I'd look.

Jesse Phillips <Jesse.K.Phillips gmail.com> writes:

On Mon, 01 Oct 2007 15:33:18 -0700, BCS wrote:

 Jesse Phillips wrote:
 As a Linux programmer it can be important to have a program run with
 superuser privileges. I am trying to figure out the best way to either
 become a super user by asking for a password, or simply checking if it
 is run as a superuser.
 
 I have been looking at how to do this in C and found information on
 suser () which seems to be for FreeBSD.
 http://www.gsp.com/cgi-bin/man.cgi?section=9&topic=suser
 
 I was also reading some stuff on secure programming which said not to
 use system() because it invokes the shell, that's fine but is it really
 a problem?
 http://www.onlamp.com/pub/a/onlamp/excerpt/PUIS3_chap16/index1.html
 
 Any good links or search queries would be great.
 
 Thanks,
 Jesse Phillips


 
 Are you looking for D specific stuff? Under Unix I would expect that
 superuser related stuff will be the same as under C. As such I expect
 that this NG wouldn't have any specific expertices in that. You might
 get lucky and find someone who knowns (these guys have quite a range of
 knowledge) but here is not the first place I'd look.


Well, I was hoping for something D specific, but didn't think there would 
be. Phobos has a std.linux package but the docs don't say anything about 
what is in it, I guess I could look at the source.

BCS <BCS pathlink.com> writes:

Jesse Phillips wrote:
 On Mon, 01 Oct 2007 15:33:18 -0700, BCS wrote:
 
 
Jesse Phillips wrote:

As a Linux programmer it can be important to have a program run with
superuser privileges. I am trying to figure out the best way to either
become a super user by asking for a password, or simply checking if it
is run as a superuser.

I have been looking at how to do this in C and found information on
suser () which seems to be for FreeBSD.
http://www.gsp.com/cgi-bin/man.cgi?section=9&topic=suser

I was also reading some stuff on secure programming which said not to
use system() because it invokes the shell, that's fine but is it really
a problem?
http://www.onlamp.com/pub/a/onlamp/excerpt/PUIS3_chap16/index1.html

Any good links or search queries would be great.

Thanks,
Jesse Phillips



Are you looking for D specific stuff? Under Unix I would expect that
superuser related stuff will be the same as under C. As such I expect
that this NG wouldn't have any specific expertices in that. You might
get lucky and find someone who knowns (these guys have quite a range of
knowledge) but here is not the first place I'd look.


 
 Well, I was hoping for something D specific, but didn't think there would 
 be. Phobos has a std.linux package but the docs don't say anything about 
 what is in it, I guess I could look at the source.


failing anything else, figure out how to do it it C and then declare the 
needed function declarations. In my experience POSIX stuff is easy to 
translate.

Regan Heath <regan netmail.co.nz> writes:

BCS wrote:
 Jesse Phillips wrote:
 On Mon, 01 Oct 2007 15:33:18 -0700, BCS wrote:


 Jesse Phillips wrote:

 As a Linux programmer it can be important to have a program run with
 superuser privileges. I am trying to figure out the best way to either
 become a super user by asking for a password, or simply checking if it
 is run as a superuser.

 I have been looking at how to do this in C and found information on
 suser () which seems to be for FreeBSD.
 http://www.gsp.com/cgi-bin/man.cgi?section=9&topic=suser

 I was also reading some stuff on secure programming which said not to
 use system() because it invokes the shell, that's fine but is it really
 a problem?
 http://www.onlamp.com/pub/a/onlamp/excerpt/PUIS3_chap16/index1.html

 Any good links or search queries would be great.

 Thanks,
 Jesse Phillips



 Are you looking for D specific stuff? Under Unix I would expect that
 superuser related stuff will be the same as under C. As such I expect
 that this NG wouldn't have any specific expertices in that. You might
 get lucky and find someone who knowns (these guys have quite a range of
 knowledge) but here is not the first place I'd look.



 Well, I was hoping for something D specific, but didn't think there 
 would be. Phobos has a std.linux package but the docs don't say 
 anything about what is in it, I guess I could look at the source.


 failing anything else, figure out how to do it it C and then declare the 
 needed function declarations. In my experience POSIX stuff is easy to 
 translate.


I believe the POSIX routines are:
http://linux.die.net/man/2/getuid
http://linux.die.net/man/2/setuid

As mentioned by Nathan your exe would need an owner of root and the SUID 
bit in order to elevate itself to the root user with setuid.

In your case I think you just want getuid to check the uid is 0, or 
root.  Or perhaps geteuid (I'm not sure if this one is POSIX).

Regan

Nathan Reed <nathaniel.reed gmail.com> writes:

Jesse Phillips wrote:
 As a Linux programmer it can be important to have a program run with 
 superuser privileges. I am trying to figure out the best way to either 
 become a super user by asking for a password, or simply checking if it is 
 run as a superuser.


I'm not a Linux expert, but it's my understanding that there is no way 
to "become" a superuser.  The program cannot be run as an ordinary user 
and then elevate itself to superuser status (that would make the whole 
superuser concept pointless).

Programs like 'sudo' and 'passwd', which always execute as root but can 
be called by any user, are made by first ensuring that the executable is 
owned by root and then setting the SUID bit in the permissions bitmask 
on the executable.  This does not affect how the programs are written at 
all; it is solely a file-system/OS feature.

Thanks,
Nathan Reed

BCS <ao pathlink.com> writes:

Reply to Nathan,

 Jesse Phillips wrote:
 
 As a Linux programmer it can be important to have a program run with
 superuser privileges. I am trying to figure out the best way to
 either become a super user by asking for a password, or simply
 checking if it is run as a superuser.
 


 to "become" a superuser.  The program cannot be run as an ordinary
 user and then elevate itself to superuser status (that would make the
 whole superuser concept pointless).
 
 Programs like 'sudo' and 'passwd', which always execute as root but
 can be called by any user, are made by first ensuring that the
 executable is owned by root and then setting the SUID bit in the
 permissions bitmask on the executable.  This does not affect how the
 programs are written at all; it is solely a file-system/OS feature.
 
 Thanks,
 Nathan Reed


almost

A program with the SUID bit can use the setuid system call (and a few related 
functions) to move around several different UIDs (IIRC there are three, the 
owner of the file, the original from the process that exec'ed and another 
that I forget where it comes from). Run a man on setuid and you will get 
more than you want to wade through. If you are interested I did a term paper 
on the Linux system calls a while ago and it has a little better description 
in it.