Asp Forum
Home
|
Login
|
Register
|
Search
Forums
>
comp.lang.ruby
UID/EUID subshell solutions
Luke A. Kanies
12/12/2006 2:33:00 AM
Hi,
I'm having inconsistent behaviour with running external commands as
other users, and the time has apparently come to use something akin
to a fork and popen3 to get something approximating consistent
bahaviour.
I'm currently setting EUID and executing external commands, but some
shells ignore that (which is apparently the "standard").
I need some solution that will allow me (when running as root) to run
shell commands as another user and capture stdout and (hopefully)
stderr. This basically means fork and run Process.uid = blah, but
there's some IPC to do too.
Is there a semi-standard pattern for doing this, or does someone have
some simple example code I can use?
Thanks,
Luke
--
The major difference between a thing that might go wrong and a thing
that cannot possibly go wrong is that when a thing that cannot
possibly
goes wrong goes wrong it usually turns out to be impossible to get at
or repair. -- Douglas Adams, Mostly Harmless
---------------------------------------------------------------------
Luke Kanies |
http://reducti...
|
http://m...
3 Answers
Paul Lutus
12/12/2006 3:14:00 AM
0
Luke Kanies wrote:
> Hi,
>
> I'm having inconsistent behaviour with running external commands as
> other users, and the time has apparently come to use something akin
> to a fork and popen3 to get something approximating consistent
> bahaviour.
>
> I'm currently setting EUID and executing external commands, but some
> shells ignore that (which is apparently the "standard").
This is a very desirable shell behavior, to avoid an obvious hacker
vulnerability.
>
> I need some solution that will allow me (when running as root) to run
> shell commands as another user and capture stdout and (hopefully)
> stderr. This basically means fork and run Process.uid = blah, but
> there's some IPC to do too.
>
> Is there a semi-standard pattern for doing this, or does someone have
> some simple example code I can use?
`su (username) -c (command)`
--
Paul Lutus
http://www.ara...
Luke A. Kanies
12/17/2006 1:08:00 AM
0
On Dec 11, 2006, at 9:15 PM, Paul Lutus wrote:
> Luke Kanies wrote:
>>
>> I'm currently setting EUID and executing external commands, but some
>> shells ignore that (which is apparently the "standard").
>
> This is a very desirable shell behavior, to avoid an obvious hacker
> vulnerability.
I don't see how it's an obvious vulnerability; I thought the kernel
was just as protective of UID as it as of EUID.
>> I need some solution that will allow me (when running as root) to run
>> shell commands as another user and capture stdout and (hopefully)
>> stderr. This basically means fork and run Process.uid = blah, but
>> there's some IPC to do too.
>>
>> Is there a semi-standard pattern for doing this, or does someone have
>> some simple example code I can use?
>
> `su (username) -c (command)`
This isn't very cross-platform, unfortunately; I'm looking more for a
Ruby implementation, rather than shell, and I specifically require
support on as many platforms as possible. This is for Puppet[1],
which attempts to provide an abstraction layer across different *nix
machines, so it's very important that it be as easy to make it work
on many platforms.
1 -
http://reducti...
/proje...
--
Like frozen sentries of the serengeti, the century-old termite mounds
had withstood all tests of time and foe - all tests, that is, except
the one involving drunken aardvarks and a stolen wrecking ball."
-- Gary Larson
---------------------------------------------------------------------
Luke Kanies |
http://reducti...
|
http://m...
Luke A. Kanies
12/19/2006 8:57:00 PM
0
On Dec 11, 2006, at 8:33 PM, Luke Kanies wrote:
> Hi,
>
> I'm having inconsistent behaviour with running external commands as
> other users, and the time has apparently come to use something akin
> to a fork and popen3 to get something approximating consistent
> bahaviour.
This ended up being my solution:
http://m...
/articles/2006/12/19/shell-comman...
def execute(command, user = nil, group = nil)
IO.popen("-") do |f|
if f
text = f.read
return text
else
$stderr.close
$stderr = $stdout.dup
Process.uid = user if user
Process.gid = group if group
system(*command)
exit!
end
end
end
--
Men never do evil so completely and cheerfully as when they do it
from a
religious conviction. --Blaise Pascal
---------------------------------------------------------------------
Luke Kanies |
http://reducti...
|
http://m...
Servizio di avviso nuovi messaggi
Ricevi direttamente nella tua mail i nuovi messaggi per
UID/EUID subshell solutions
Inserendo la tua e-mail nella casella sotto, riceverai un avviso tramite posta elettronica ogni volta che il motore di ricerca troverà un nuovo messaggio per te
Il servizio è completamente GRATUITO!
x
Login to ForumsZone
Login with Google
Login with E-Mail & Password