www.digitalmars.com         C & C++   DMDScript  

digitalmars.D.learn - Requesting Superuser

reply Jesse Phillips <Jesse.K.Phillips gmail.com> writes:
As a Linux programmer it can be important to have a program run with 
superuser privileges. I am trying to figure out the best way to either 
become a super user by asking for a password, or simply checking if it is 
run as a superuser.

I have been looking at how to do this in C and found information on suser
() which seems to be for FreeBSD.
http://www.gsp.com/cgi-bin/man.cgi?section=9&topic=suser

I was also reading some stuff on secure programming which said not to use 
system() because it invokes the shell, that's fine but is it really a 
problem?
http://www.onlamp.com/pub/a/onlamp/excerpt/PUIS3_chap16/index1.html

Any good links or search queries would be great.

Thanks,
Jesse Phillips
Oct 01 2007
next sibling parent reply BCS <BCS pathlink.com> writes:
Jesse Phillips wrote:
 As a Linux programmer it can be important to have a program run with 
 superuser privileges. I am trying to figure out the best way to either 
 become a super user by asking for a password, or simply checking if it is 
 run as a superuser.
 
 I have been looking at how to do this in C and found information on suser
 () which seems to be for FreeBSD.
 http://www.gsp.com/cgi-bin/man.cgi?section=9&topic=suser
 
 I was also reading some stuff on secure programming which said not to use 
 system() because it invokes the shell, that's fine but is it really a 
 problem?
 http://www.onlamp.com/pub/a/onlamp/excerpt/PUIS3_chap16/index1.html
 
 Any good links or search queries would be great.
 
 Thanks,
 Jesse Phillips

Are you looking for D specific stuff? Under Unix I would expect that superuser related stuff will be the same as under C. As such I expect that this NG wouldn't have any specific expertices in that. You might get lucky and find someone who knowns (these guys have quite a range of knowledge) but here is not the first place I'd look.
Oct 01 2007
parent reply Jesse Phillips <Jesse.K.Phillips gmail.com> writes:
On Mon, 01 Oct 2007 15:33:18 -0700, BCS wrote:

 Jesse Phillips wrote:
 As a Linux programmer it can be important to have a program run with
 superuser privileges. I am trying to figure out the best way to either
 become a super user by asking for a password, or simply checking if it
 is run as a superuser.
 
 I have been looking at how to do this in C and found information on
 suser () which seems to be for FreeBSD.
 http://www.gsp.com/cgi-bin/man.cgi?section=9&topic=suser
 
 I was also reading some stuff on secure programming which said not to
 use system() because it invokes the shell, that's fine but is it really
 a problem?
 http://www.onlamp.com/pub/a/onlamp/excerpt/PUIS3_chap16/index1.html
 
 Any good links or search queries would be great.
 
 Thanks,
 Jesse Phillips

Are you looking for D specific stuff? Under Unix I would expect that superuser related stuff will be the same as under C. As such I expect that this NG wouldn't have any specific expertices in that. You might get lucky and find someone who knowns (these guys have quite a range of knowledge) but here is not the first place I'd look.

Well, I was hoping for something D specific, but didn't think there would be. Phobos has a std.linux package but the docs don't say anything about what is in it, I guess I could look at the source.
Oct 01 2007
parent reply BCS <BCS pathlink.com> writes:
Jesse Phillips wrote:
 On Mon, 01 Oct 2007 15:33:18 -0700, BCS wrote:
 
 
Jesse Phillips wrote:

As a Linux programmer it can be important to have a program run with
superuser privileges. I am trying to figure out the best way to either
become a super user by asking for a password, or simply checking if it
is run as a superuser.

I have been looking at how to do this in C and found information on
suser () which seems to be for FreeBSD.
http://www.gsp.com/cgi-bin/man.cgi?section=9&topic=suser

I was also reading some stuff on secure programming which said not to
use system() because it invokes the shell, that's fine but is it really
a problem?
http://www.onlamp.com/pub/a/onlamp/excerpt/PUIS3_chap16/index1.html

Any good links or search queries would be great.

Thanks,
Jesse Phillips

Are you looking for D specific stuff? Under Unix I would expect that superuser related stuff will be the same as under C. As such I expect that this NG wouldn't have any specific expertices in that. You might get lucky and find someone who knowns (these guys have quite a range of knowledge) but here is not the first place I'd look.

Well, I was hoping for something D specific, but didn't think there would be. Phobos has a std.linux package but the docs don't say anything about what is in it, I guess I could look at the source.

failing anything else, figure out how to do it it C and then declare the needed function declarations. In my experience POSIX stuff is easy to translate.
Oct 01 2007
parent Regan Heath <regan netmail.co.nz> writes:
BCS wrote:
 Jesse Phillips wrote:
 On Mon, 01 Oct 2007 15:33:18 -0700, BCS wrote:


 Jesse Phillips wrote:

 As a Linux programmer it can be important to have a program run with
 superuser privileges. I am trying to figure out the best way to either
 become a super user by asking for a password, or simply checking if it
 is run as a superuser.

 I have been looking at how to do this in C and found information on
 suser () which seems to be for FreeBSD.
 http://www.gsp.com/cgi-bin/man.cgi?section=9&topic=suser

 I was also reading some stuff on secure programming which said not to
 use system() because it invokes the shell, that's fine but is it really
 a problem?
 http://www.onlamp.com/pub/a/onlamp/excerpt/PUIS3_chap16/index1.html

 Any good links or search queries would be great.

 Thanks,
 Jesse Phillips

Are you looking for D specific stuff? Under Unix I would expect that superuser related stuff will be the same as under C. As such I expect that this NG wouldn't have any specific expertices in that. You might get lucky and find someone who knowns (these guys have quite a range of knowledge) but here is not the first place I'd look.

Well, I was hoping for something D specific, but didn't think there would be. Phobos has a std.linux package but the docs don't say anything about what is in it, I guess I could look at the source.

failing anything else, figure out how to do it it C and then declare the needed function declarations. In my experience POSIX stuff is easy to translate.

I believe the POSIX routines are: http://linux.die.net/man/2/getuid http://linux.die.net/man/2/setuid As mentioned by Nathan your exe would need an owner of root and the SUID bit in order to elevate itself to the root user with setuid. In your case I think you just want getuid to check the uid is 0, or root. Or perhaps geteuid (I'm not sure if this one is POSIX). Regan
Oct 02 2007
prev sibling parent reply Nathan Reed <nathaniel.reed gmail.com> writes:
Jesse Phillips wrote:
 As a Linux programmer it can be important to have a program run with 
 superuser privileges. I am trying to figure out the best way to either 
 become a super user by asking for a password, or simply checking if it is 
 run as a superuser.

I'm not a Linux expert, but it's my understanding that there is no way to "become" a superuser. The program cannot be run as an ordinary user and then elevate itself to superuser status (that would make the whole superuser concept pointless). Programs like 'sudo' and 'passwd', which always execute as root but can be called by any user, are made by first ensuring that the executable is owned by root and then setting the SUID bit in the permissions bitmask on the executable. This does not affect how the programs are written at all; it is solely a file-system/OS feature. Thanks, Nathan Reed
Oct 01 2007
parent BCS <ao pathlink.com> writes:
Reply to Nathan,

 Jesse Phillips wrote:
 
 As a Linux programmer it can be important to have a program run with
 superuser privileges. I am trying to figure out the best way to
 either become a super user by asking for a password, or simply
 checking if it is run as a superuser.
 

to "become" a superuser. The program cannot be run as an ordinary user and then elevate itself to superuser status (that would make the whole superuser concept pointless). Programs like 'sudo' and 'passwd', which always execute as root but can be called by any user, are made by first ensuring that the executable is owned by root and then setting the SUID bit in the permissions bitmask on the executable. This does not affect how the programs are written at all; it is solely a file-system/OS feature. Thanks, Nathan Reed

almost A program with the SUID bit can use the setuid system call (and a few related functions) to move around several different UIDs (IIRC there are three, the owner of the file, the original from the process that exec'ed and another that I forget where it comes from). Run a man on setuid and you will get more than you want to wade through. If you are interested I did a term paper on the Linux system calls a while ago and it has a little better description in it.
Oct 01 2007