* PAM programming with gtk.
From: David Eduardo Gomez Noguera @ 2003-07-16 21:10 UTC (permalink / raw)
To: linux-c-programming
Hello. I am having some problems writing a small app that will shut down
the PC, and I have a few questions, if any of you know the answers,
please?

Shutdown needs root to execute it, so how can I get to do it? I was
thinking of a suid app that will authenticate the user via login and
password and, if all is right, then execl shutdown, but gtk won't let an
app be suid. So how can I get root privileges with pam? Is it possible
at all?

Then, I don't quite understand how pam works. I compiled the demo app,
but root can authenticate to any user (using only pam_unix_auth), but
other users can authenticate to no one but themselves.

In a nutshell, any user that knows a password (to an account, not
necessarily theirs, that belongs to a certain group) should be able to
reboot.

Any help?
* Re: PAM programming with gtk.
From: Glynn Clements @ 2003-07-17 1:49 UTC (permalink / raw)
To: davidgn; +Cc: linux-c-programming
David Eduardo Gomez Noguera wrote:
> Hello. I am having some problems writing a small app that will shut down
> the PC, and I have a few questions, if any of you know the answers,
> please?
>
> Shutdown needs root to execute it, so how can I get to do it? I was
> thinking of a suid app that will authenticate the user via login and
> password and, if all is right, then execl shutdown, but gtk won't let an
> app be suid. So how can I get root privileges with pam? Is it possible
> at all?
>
> Then, I don't quite understand how pam works. I compiled the demo app,
> but root can authenticate to any user (using only pam_unix_auth), but
> other users can authenticate to no one but themselves.
>
> In a nutshell, any user that knows a password (to an account, not
> necessarily theirs, that belongs to a certain group) should be able to
> reboot.

I strongly suggest that you use sudo for this. I.e. configure sudo to
allow all such users to run /sbin/shutdown as root, then have your GTK
program invoke sudo via xterm, e.g.

	xterm -T Sudo -geometry 30x1 -e sudo shutdown -h now

Shutdown needs root privilege. Your GUI program isn't running with
root privilege. Consequently, a setuid program has to get involved
somewhere along the line. Writing a setuid program which doesn't give
everyone unrestricted root privilege is hard. So use an existing
program which is likely to have been written by someone who knows what
they are doing.

If you are intent on doing this yourself, don't use a setuid program.
Write a daemon which is run as root (via init and /etc/rc.d/) and
which will perform a shutdown upon receipt of a valid request. Writing
a daemon is easier to get right than writing a setuid program. A
daemon only has to worry about malicious input on its socket (or FIFO
etc), whereas a setuid program has to worry about its entire process
environment.

--
Glynn Clements <glynn.clements@virgin.net>
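
The root daemon suggested in the reply above, as an added sketch that is not code from the thread. The socket path, the group id, the two request words, and the choice to treat group access to the socket file as what makes a request valid are all assumptions of this example; it relies on Linux checking write permission on a Unix socket file at connect time.

```c
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#define SOCK_PATH   "/var/run/shutdownd.sock"  /* hypothetical path */
#define ALLOWED_GID 1001                       /* hypothetical group id */
enum action { ACT_INVALID, ACT_HALT, ACT_REBOOT };

/* Accept exactly two request lines; every other input is rejected. */
enum action parse_request(const char *buf, size_t len) {
    if (len == 5 && memcmp(buf, "halt\n", 5) == 0)   return ACT_HALT;
    if (len == 7 && memcmp(buf, "reboot\n", 7) == 0) return ACT_REBOOT;
    return ACT_INVALID;
}

/* One bounded read; short, long or failed reads all parse as invalid. */
enum action read_request(int fd) {
    char buf[16];
    ssize_t n = read(fd, buf, sizeof buf);
    return n > 0 ? parse_request(buf, (size_t)n) : ACT_INVALID;
}

/* Socket file is root:gid mode 0660, so only that group can connect. */
int make_listener(const char *path, gid_t gid) {
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int fd = strlen(path) < sizeof sa.sun_path ? socket(AF_UNIX, SOCK_STREAM, 0) : -1;
    if (fd < 0) return -1;
    strcpy(sa.sun_path, path);
    unlink(path);
    umask(0177);                 /* created 0600 until chown/chmod finish */
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) || chown(path, 0, gid) ||
        chmod(path, 0660) || listen(fd, 4)) { close(fd); return -1; }
    return fd;
}

/* argv and environment are fixed here; no client bytes ever reach exec. */
int main(void) {
    char *halt[]   = { "/sbin/shutdown", "-h", "now", NULL };
    char *reboot[] = { "/sbin/shutdown", "-r", "now", NULL };
    char *envp[]   = { "PATH=/sbin:/bin", NULL };
    int c, lfd = make_listener(SOCK_PATH, ALLOWED_GID);
    while ((c = accept(lfd, NULL, NULL)) >= 0) {
        enum action a = read_request(c);
        close(c);
        if (a == ACT_HALT)   execve(halt[0], halt, envp);
        if (a == ACT_REBOOT) execve(reboot[0], reboot, envp);
    }
    return 1;                    /* listener setup or accept failed */
}
```

The GTK program would then only connect to the socket and write one of the two request lines; it needs no privilege beyond membership in the allowed group.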