I understand the consequences of running a script as root, especially a web application. However, as part of my web application, I need to use curl with Tor, and this requires temporarily restarting Tor to change its IP. Tor can get a new IP when the service is restarted with service tor restart. Since only root can do this, I wrote a C wrapper program to do what I needed, compiled it, set setuid root on it and changed its owner to root. However, it still asks me for the root password when it is started as an unprivileged user. As root, restarting the service should not ask for a password.
My script:
    #include <stdlib.h>
    #include <stdio.h>
    #include <unistd.h>

    void ExecAsRoot (char* str);

    int main ()
    {
        setuid (0);
        setvbuf(stdout, NULL, _IONBF, 0);
        printf ("Host real ip is: ");
        ExecAsRoot("ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/'");
        ExecAsRoot("/usr/sbin/service tor restart");
        // sleep(2);
        printf ("Tor should have switched to a new ip by now.\nNew ip is: ");
        ExecAsRoot("torify curl ifconfig.co 2>/dev/null");
        return 0;
    }

    void ExecAsRoot (char* str)
    {
        system (str);
    }
I have done the following:
    chown root restartor
    chmod u=rwx,go=xr restartor
Output:
    Host real ip is: 7.17.11.23
    ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
    Authentication is required to restart 'tor.service'.
    Authenticating as: root
    Password:
How can I make this work as a web user without providing a root password?
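A diagnostic for the situation described in the question, added here as an example and not part of the original post: it checks what a setuid-root helper depends on (root ownership, the setuid bit, a filesystem not mounted nosuid) and whether setuid(0) actually succeeded instead of ignoring its return value. The names install_problems, become_root and the flag constants are hypothetical.

```c
/* Added example (not from the post): why a "setuid root" helper may still run unprivileged. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <unistd.h>

enum {                          /* hypothetical flag names */
    CANNOT_STAT      = 1 << 0,  /* path missing or unreadable */
    NOT_ROOT_OWNED   = 1 << 1,  /* setuid would switch to a non-root owner */
    MISSING_SUID_BIT = 1 << 2,  /* e.g. mode 0755, which chmod u=rwx,go=xr yields */
    NOSUID_MOUNT     = 1 << 3   /* kernel ignores the bit on this filesystem */
};

/* Return a bitmask of reasons the binary at `path` will not start as root. */
int install_problems(const char *path)
{
    struct stat st;
    struct statvfs vfs;
    int flags = 0;
    if (stat(path, &st) != 0)
        return CANNOT_STAT;
    if (st.st_uid != 0)          flags |= NOT_ROOT_OWNED;
    if (!(st.st_mode & S_ISUID)) flags |= MISSING_SUID_BIT;
    if (statvfs(path, &vfs) == 0 && (vfs.f_flag & ST_NOSUID))
        flags |= NOSUID_MOUNT;
    return flags;
}

/* setuid(0) succeeds only when the effective uid is already 0; if the failure
 * goes unchecked, every later system() call runs as the invoking user. */
int become_root(void)
{
    if (setuid(0) != 0) {
        fprintf(stderr, "setuid(0) failed: %s (ruid=%d euid=%d)\n",
                strerror(errno), (int)getuid(), (int)geteuid());
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    int p = install_problems(argc > 1 ? argv[1] : argv[0]);
    printf("install problems bitmask: 0x%x\n", p);
    return (p == 0 && become_root() == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

Run it with the helper's path as the argument; a non-zero bitmask names the condition that keeps the binary from starting with an effective uid of 0.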