So, I had this problem where I needed to be able to run an operation as another user. The operation was to kill a process for another user. Let’s say that you wanted to kill ‘apache’, but you were ‘bob’. People that I discussed this with had the first thought that we should just make a script that was setuid. Well, I know from experience that the shell does not allow that. So a second thought was to copy /bin/kill to a home directory and set the owner for that as apache. The problem is that /bin/kill does not want to take advantage of setuid bits and just ignores it. So, I had to write my own kill command.

The basic idea is to elevate your privileges to the owner of the file, perform the operation and then exit. Here is a code example of what APIs to use.

#include <sys/types.h>
#include <unistd.h>
#include <sys/stat.h>

// we need the above includes to give us stat, the buffer type, and seteuid

// this is the structure to put the data from the file into
struct stat buff; 

// now, look at the executable file (argv[0]), dump the details into our buffer
if (stat(argv[0], &buff) == -1) {
        printf("error running stat on %s (trying to find out who we need to be)\n", argv[0]);
        exit(1);
}

// now attempt to elevate priveleges to the file owner
if (seteuid(buff.st_uid) == -1) {
    printf("error running setuid to %ld!\n", (long)buff.st_uid);
    exit(1);
}

// NOW RUN SOME API AS THAT OTHER USER

Of course, unless the executable is setuid to another user, then it won’t really do anything for you. To set the setuid bit on a file, simply use this shell command.

chown USER_TO_BE FILENAME
chmod a+s FILENAME

Well, have fun, and don’t hurt yourself. There is a reason that unix commands try to lower privileges as quickly as possible and don’t want to do things as other users.

c, programming, setuid, shell scripting Hide