Thread: need sudo priviledges in c program

  1. #1
    Registered User
    Join Date
    Feb 2011
    Posts
    1

    need sudo priviledges in c program

    Dear all,

    I need to do mount/umount operations in my c program. But my program can only be run under normal user. However, the user who run my program have sudo priviledges to do mount/umount operations. How can i apply the sudo privileges in the mount(2) system call? Please help.

  2. #2
    Registered User
    Join Date
    Sep 2006
    Posts
    8,868
    I thought programs were run, by default, under the privileges of the person initiating them. Just a casual Linux user here, however.

  3. #3
    Bit Fiddler
    Join Date
    Sep 2009
    Posts
    79
    You can't.

    Add 'your program' to the users sudo list, hence giving him/her the possibility to sudo your program (check man visudo, or the documentation of your distributions sudo implementation).

    If you use a distribution that hasn't disabled the UID bit, you can use that. You set root as owner of 'your program' and set the UID bit. Which make the program run under the owners identity always. (Doesn't work with scripts, though.) If security is important, this is not an option.
    Code:
    $ chown root your_program
    $ chmod +s your_program

  4. #4
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    Let me preface this by saying that unless you're an actual expert in security, mucking around with things that grant root access is likely to create a security bug. But anyway...

    Rather than instituting permissions hacks, implement a mount server that runs as root and is responsible for doing the mount/umount. Your user level program would talk to the server and make mount/umount requests. Some basic authentication between your program and the mount server wouldn't be a bad idea. You could implement this authentication quite easily by using a named pipe or UNIX socket to talk to the server -- the pipe or socket would be accessible only by root and the user who is authorized to use the program.

    That way, if your user program is compromised, it doesn't have full-blown root control over the system. The mount server is a simple component that's easier to get right, security-wise.

    EDIT: I'm probably reinventing the wheel here. There's gotta be something out there already which does this.
    Last edited by brewbuck; 02-10-2011 at 12:45 PM.
    Code:
    //try
    //{
    	if (a) do { f( b); } while(1);
    	else   do { f(!b); } while(1);
    //}

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Issue with program that's calling a function and has a loop
    By tigerfansince84 in forum C++ Programming
    Replies: 9
    Last Post: 11-12-2008, 01:38 PM
  2. Need help with a program, theres something in it for you
    By engstudent363 in forum C Programming
    Replies: 1
    Last Post: 02-29-2008, 01:41 PM
  3. Replies: 4
    Last Post: 02-21-2008, 10:39 AM
  4. My program, anyhelp
    By @licomb in forum C Programming
    Replies: 14
    Last Post: 08-14-2001, 10:04 PM

Tags for this Thread