All geek questions in one place

How to execute command as root

I am developing C code on Linux (Debian). From time to time I need to execute some commands through system()

I wonder if it is possible to execute the command using system() as root. If this is not the case, is there any function to execute the command (or run the binary) as root that I can use in C code?

+6
source share
3 answers

We met the situation until we want to execute the root command as a regular user, here is our solution (using setuid / SUID):

Let's pretend that:

  • username : Tom
  • band : gTom
  • C program file : my_pro.c

Step 1: Write down the C code tool: my_sudo.c

 ... int main(int args, char *argv[]) { if (args < 2) printf("Usage: my_sudo [cmd] [arg1 arg2 ...]"); // cmd here is the shell cmd that you want execute in "my_pro" // you can check the shell cmd privilege here // example: if (argv[1] != "yum") return; we just allow yum execute here char cmd[MAX_CMD]; int i; for ( i = 2; i < args; i ++) { // concatenate the cmd, example: "yum install xxxxx" strcat(cmd, " "); strcat(cmd, argv[i]); } system(cmd); }

Step 2: Compile my_sudo.c to get the my_sudo

  sudo chown root:gTom my_sudo // user root && gTom group sudo chmod 4550 my_sudo // use SUID to get root privilege #you will see my_sudo like this(ls -l) #-r-sr-x--- 1 root my_sudo 9028 Jul 19 10:09 my_sudo* #assume we put my_sudo to /usr/sbin/my_sudo

Step 3: In Code C

 ... int main() { ... system("/usr/bin/mysudo yum install xxxxx"); ... } #gcc && ls -l #-rwxr--r-- 1 Tom gTom 1895797 Jul 23 13:55 my_pro

Step 4: Run ./my_pro

You can run yum install without sudo .

+3
source

If you are a user of your system that has sudo privileges to run commands as root , just sudo to the command.

 system("sudo yum install some-package");

If you want someone to be able to do this, then you must be the administrator of your system, change the owner of the file as root and change the permissions of your executable file to run as root . By doing so, you do not need to change your system() command line using sudo .

 chmod +s my_program chown root my_program

Understand that this can open you security problems if you have not proven that your program has no security problems.

The file system may be such as to prevent you from setting the setuid bit in your program. If you need more information on these lines, you should contact SuperUser .

+1
source

This is one of those things to remember. There are security threats, so just know who will use them. In the "system" command, you can even execute external scripts ... although this poses serious security risks, because although this binary must have permissions to re-set each time it is compiled, the script can be changed endlessly, and this binary will keep calling him.

 #include <stdio.h> #include <stdlib.h> //Create as root //gcc fixmusic.c -o fixmusic //chmod u+s fixmusic //now run as non-root user and it should work despite limitations of user int main(int argc, char *argv[] ) { setuid(0); char command[100]; sprintf(command,"/usr/bin/chmod -R a+w /mnt/Local/Music"); system(command); //This is just optional info if someone cat the binary volatile const char comment [] = "INFO: Fixes music permissions"; return 0; }
0
source

Source: https://habr.com/ru/post/950131/

More articles:


All Articles