cardassianscot Posted March 16, 2003 Report Share Posted March 16, 2003 I need to run a program as another user from root. (The program is fetchmail {I want other people to be able to start and stop it but not have root access but it has to be launched at startup meaning it has to be launched by root} but the actual program is irrelevant so I'm not posting this to the network group). I thought this might be something to do with the superuser bit so I saved a script to launch the program as another user and then tried to apply the superuse bit with chmod -s test This didn't work. Am I doing something wrong or is there a better way to launch a program as another user when you are root. Thanks Quote Link to comment Share on other sites More sharing options...
onurb Posted March 16, 2003 Report Share Posted March 16, 2003 Your question is not 100% clear, but, as root you should be able to run any program from all users and groups. Quote Link to comment Share on other sites More sharing options...
Guest SDMF Posted March 16, 2003 Report Share Posted March 16, 2003 If you are root at the time, you should be able to use: su - $USER -c command Quote Link to comment Share on other sites More sharing options...
Cannonfodder Posted March 17, 2003 Report Share Posted March 17, 2003 I gather you want to run the app under the user's login so as root you can become that user with su Let's say you have user bob. su bob You will be user bob and can run the app.. as bob.. Quote Link to comment Share on other sites More sharing options...
ramfree17 Posted March 17, 2003 Report Share Posted March 17, 2003 I need to run a program as another user from root. (The program is fetchmail {I want other people to be able to start and stop it but not have root access but it has to be launched at startup meaning it has to be launched by root} use the sudo package to grant normal uses access to utilities that are normally reserved for the root user. this way you wont need to give your users the root password. read the quick sudo tutorial at mandrakesecure.net. ciao! Quote Link to comment Share on other sites More sharing options...
pmpatrick Posted March 17, 2003 Report Share Posted March 17, 2003 If I understand your question, you have a program which is owned by root but you want the rest of the world to have read and execute permisions. To accompolish this, navigate to the directory where the program is located and run the following as root: # chmod 755 <program name> This will give root read, write and execute permisions and the rest of the world read and execute. If you want the rest of the world to have execute only privileges, than change 755 to 711. When a nonroot user executes the program, the process launched will be owned by the person who invoked it without the ability to change the program. Nonroot users should also be able to stop the process launched by root I think because they have execute privileges. Quote Link to comment Share on other sites More sharing options...
ramfree17 Posted March 17, 2003 Report Share Posted March 17, 2003 # chmod 755 <program name> This is dangerous and would fail if the utility in question needs to access a resource that is also owned by root (like logs and locks in /var). sudo is the package developed to address this problem without compromising security. the key here is limiting the possible avenues for attack and still accomplishing the task of sharing the root responsibility with somebody else. :) ciao! Quote Link to comment Share on other sites More sharing options...
aru Posted March 17, 2003 Report Share Posted March 17, 2003 fetchmail, the program in question, can be run by anybody, the only requisite is to have access to either an user's ~/fetchmailrc or a global fetchmailrc file through "fetchmail -f file"; as those files use to have the account/passwords info of each user's remote emails, they must have 600 permission. My suggestion is that if all your users trust you, then create a global fetchmailrc file with all your user's email accounts info, and run fetchmail through root's cron in intervals of ten minutes to retrieve all possible email from the outside world (well, that's how I do it) Quote Link to comment Share on other sites More sharing options...
cardassianscot Posted March 17, 2003 Author Report Share Posted March 17, 2003 Thanks, the su $user -c $command solution was what I was after. I want to run fetchmail as non-root because it ocassionally needs to be stopped and started by non-root users, so I have a seperate account with my .fetchmailrc file, so fetchmail needs to be run as this user. Once again thanks. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.