bug#8700: Simple way to switch user/group permissions without requiring

From: Colin Watson
Subject: bug#8700: Simple way to switch user/group permissions without requiring PAM sessions
Date: Thu, 19 May 2011 14:13:39 +0100
User-agent: Mutt/1.5.20 (2009-06-14)

Every so often I wish that there existed (preferably in the Debian base
system) a tool analogous to chroot that drops privileges from root to a
nominated user, group, etc. and runs a given program.

Of course I do know about su, sudo, etc., but:

 * su and sudo are often configured to start a PAM session with noisy
   logging etc.;

 * su has a messy historical command-line syntax that requires fiddly

 * sudo isn't installed everywhere;

 * these programs all have lots of authentication baggage, which is
   thoroughly overkill when I'm writing shell scripts that run as root
   and just want to quickly run a program as some other user.

One example of when I want to use this is in Debian's
/etc/cron.daily/man-db script.  Towards the end of this, I want to run
the mandb program as the 'man' user.  I ended up using Debian's
start-stop-daemon, which happens to be able to run something in the
foreground as a different user; but mandb is not a daemon,
start-stop-daemon isn't universal, and so this all feels like a hack.

In other similar situations I've ended up with a couple of lines of
Perl, something like:

    perl -e '@pwd = getpwnam("man"); $( = $) = $pwd[3]; $< = $> = $pwd[2];
             exec "/usr/bin/mandb", @ARGV' -- "$@"

Again, though: punctuation-heavy, not trivial to get exactly right,
delicate quoting, and so on.

It seems to me that we could use something which can do ID switches away
from root without all the authentication stuff, and could be simple
enough to go in coreutils and ultimately end up on all GNUish systems.
When I complained about the lack of this on a local IRC channel, Ian
Jackson (CCed) pointed out that his 'really' tool is pretty close to
this; it does have some very simple authentication code, but that's easy
to strip out, and the rest is almost identical to what I'd want to see
in such a tool.  He did say that he'd prefer it not to be called
'really' if it's not installed setuid; I suggest 'chid' by analogy with
chroot, chcon, etc.

The source for 'really' is here (and while I can't speak for him
I suspect Ian would be happy to do FSF assignment and such, since he's
already a GNU maintainer):


Another piece of prior art is the 'runas' tool in titantools.  However,
this is under a non-free licence and its command line interface is not
all that great IMO, so it's probably only useful to know about it to
avoid using the same (tempting) name.


Colin Watson                                       address@hidden
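
The ID switch this message asks for, written out as a small C program that also resets the supplementary group list and checks that root cannot be regained. This is an added example, not code from the original message or from 'really'; the names chid_lookup and chid_drop are hypothetical, and it assumes a POSIX system that provides initgroups().

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Resolve a user name to its uid and primary gid; -1 if the user is unknown. */
int chid_lookup(const char *user, uid_t *uid, gid_t *gid)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) return -1;
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return 0;
}

/* Irreversibly become user (uid/gid). Order matters: groups and gid must be
 * changed while still root, because setuid() removes the right to do so. */
int chid_drop(const char *user, uid_t uid, gid_t gid)
{
    if (geteuid() != 0) { errno = EPERM; return -1; }  /* only root can switch */
    if (initgroups(user, gid) != 0) return -1;  /* replace root's supplementary groups */
    if (setgid(gid) != 0) return -1;            /* real, effective and saved gid */
    if (setuid(uid) != 0) return -1;            /* real, effective and saved uid */
    /* Fail closed if root could still be regained or any id did not change. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) { errno = EPERM; return -1; }
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    uid_t uid;
    gid_t gid;
    if (argc < 3) {
        fprintf(stderr, "usage: %s USER PROGRAM [ARG...]\n", argv[0]);
        return 2;
    }
    if (chid_lookup(argv[1], &uid, &gid) != 0) { fprintf(stderr, "unknown user\n"); return 1; }
    if (chid_drop(argv[1], uid, gid) != 0) { perror("chid_drop"); return 1; }
    execvp(argv[2], argv + 2);   /* only returns on failure */
    perror(argv[2]);
    return 127;
}
```

Every return value is checked before the exec, so a failed group or ID change stops the run instead of starting the program with root's IDs still in place.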
