[Gambas-user] Program to use different group rights
Tobias Boege
taboege at gmail.com
Mon Nov 26 22:54:16 CET 2018
On Mon, 26 Nov 2018, Rolf-Werner Eilert wrote:
> When a program needs to read from a file which could actually only be read
> if member of a special group, how would this be achieved?
>
Complementing the other answers, I think the most proper way is to start
the program with the required permissions -- unless only a tiny part of
your program needs these permissions.
You can use su or sudo for that. In contrast to the other answers, which
run a script (I assume) from inside your program using su or sudo, this
method would start your whole program with the required privileges.
> I found that in order to read from /etc/shadow, a program needs to be member
> of the group "shadow". But when I start a password management program (in
> GUI) as an ordinary user, this program will be member of my own group only.
>
su and sudo allow you to specify your desired group.
> So how would such a program be able to read my hash from /etc/shadow to
> verify if I type the right old password first? The new password could be
> sent to passwd to form and save a new hash, but how to read the old one
> first?
>
If you require the user to start your program with the necessary permissions,
by calling it with su or sudo, you can rely on them having authenticated
succesfully against the *tried and tested standard tools* before even the
first line of your code gets to execute. Such a check in your program would
be redundant then. And that's a bonus! Your program should not reimplement
authentication, but leave that to the tools whose purpose is authentication.
The purpose of your program is to perform some task using these elevated
privileges.
If you want to be extra user-friendly, you can have your single program
check its current user and group on startup and if it detects insufficient
permissions, it will try to launch itself again via gksu(do), kdesu(do) or
(whatever it is that is responsible on the target system; cf. Desktop.RunAsRoot).
That will annoy the user minimally out of all options which maintain a
separation of "authorization to perform a task" and "the task".
But again, it depends on the scope of the program you want to write.
If it's a large program, only a tiny bit of which needs elevated privileges,
consider splitting the program or performing the privileged task early and
dropping the privileges afterwards [1].
Regards,
Tobi
[1] https://stackoverflow.com/questions/3357737/dropping-root-privileges
--
"There's an old saying: Don't change anything... ever!" -- Mr. Monk
More information about the User
mailing list