running things as root

Place to discuss Fedora and/or Red Hat
Post Reply
Master of Reality
guru
guru
Posts: 562
Joined: Thu Jan 09, 2003 8:25 pm

running things as root

Post by Master of Reality » Thu Apr 13, 2006 4:52 pm

I have a script that runs pppd, dhclient, route, et cetera, to connect to my schools VPN.

Of course these things need to be run as root, but i would like to run it as a user. I tried making a link on the desktop that runs as root, but it doesnt set roots environment variables (i assume) because it gives me an error: dhclient not found, route not found, et cetera.

If i run it as su -c vpnconnect it gives me the same thing.

So, could i setuid root to the script (making sure it cant be writable by anyone other than root), or is there a way to make the environment variables set to roots when it runs it?

How do i setuid root anyhow?

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Thu Apr 13, 2006 7:43 pm

You can't set SUID root on a script, only binary executables. Well you can set the bit but it's not going to work like you think. Even setting the SUID bit on binaries won't necessarily do what you want unless they are written properly (calling appropriate setuid related functions). Setting the SUID bit causes the program to be run as the user who owns the file. Likewise setting SGID causes the program to be run with the group permissions of the file. To make a program SUID root you would:

# chown root programname
# chmod u+s programname

The reason the commands were not found in your script is because the programs reside in /sbin and/or /usr/sbin which are in root's PATH by default but not in normal users PATH by default. Of course you have a couple of options. You can put those directories in your user's PATH or you can add the "-" to the "su" command so it loads root's environment before executing the command you are running with the "su" command. Also, some of those commands can't be successfully run by a normal user. A normal user can't set routes for instance. They also can't open sockets on ports lower than port 1024. These require root privileges. So you could "su - -c yourscript", or if you want it to be passwordless you can set up "sudo" to run the script. You would add a config entry to the /etc/sudoers file to grant your user permissions to run the script as root (use visudo command to edit that file).

There are many other ways of course. Normally you would set up a ppp interface just like you do an ethernet interface so you can do an "ifup ppp0" and "ifdown ppp0". You can set the "USERCTL=yes" in your /etc/sysconfig/network-scripts/ifcfg-ppp0 which would allow normal users to bring up the interface. I think most of what you are trying to do can even be configured from the graphical tools. I normally modify the scripts in /etc/sysconfig/network-scripts if I have to do something non-standard like what you seem to have to do. For instance, you might have to modify /etc/sysconfig/network-scripts/ifup-ppp. You could also create an /sbin/ifup-local script to do other things after an interface is brought up. If you look through the scripts in /etc/sysconfig/network-scripts you'll see that there is a check to see if /sbin/ifup-local exists and execute it if it does, passing the interface name to the script so you can perform different functions depending on what interface is being brought up.

Just tossing some things out there....

Master of Reality
guru
guru
Posts: 562
Joined: Thu Jan 09, 2003 8:25 pm

Post by Master of Reality » Fri Apr 14, 2006 8:35 am

Well, the network manager in Fedora doesnt seem to be able to see either wlan0 or ndiswrapper devices. Which is odd because it did in Fedora 4.

I wrote my own ifcfg-wlan0 and keys-wlan0, but network manager now gives me an error that "Set Encode (8B2A) is an invalid argument", I'm not sure where that option even is.
Seeing this, it wouldnt do to set up ppp through network manager because i would still have to start my wireless connection manually.

I'm thinking i will us `su - -c script` and maybe make a pretty frontend using Kommander.

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Fri Apr 14, 2006 1:24 pm

You could also set it up to use consolehelper which is what most of the system tools use to ask for root's password if you are calling it as a normal user. There is a thread on these forums where I explain how to set an app up to use it. There is also a man page on it:

http://voidmain.is-a-geek.net/man?param ... r&mode=man

Post Reply