The Warring States of NPF
Page 1 of 2 1 2
Show 80 post(s) from this thread on one page

The Warring States of NPF (http://www.nuklearforums.com/index.php)
-   Computers & Technology (http://www.nuklearforums.com/forumdisplay.php?f=60)
-   -   Linux/Java - Question about user/owner rights for processes (http://www.nuklearforums.com/showthread.php?t=39917)

Fifthfiend 04-11-2011 02:07 PM
Linux/Java - Question about user/owner rights for processes
 
OKAY SO

As far as I understand with Linux

A process typically executes with the permissions of the user that executed it.

HOWEVER

It is possible to set a process to execute with the permissions of the user who owns that file.

MY QUESTION IS

If I am running a .jar file with Java, can I set it so that it runs using the permissions of the owner of that .jar file?

OR is it only possible to set it to run using the permissions of the Java executable/command (which I would not do since I think Java is owned by root or some shit).

Or is there some other means by which to determine the permissions with which a particular process runs, independently of the user who initiates that process?

Professor Smarmiarty 04-11-2011 02:29 PM
So if I understand this correctly (though I'm sure there are peple much better suited to help than me flying around):
Jar file is owned by user A
You are running as user B
You want to use Java (owned by root) to execute the jar as user B with the permissions of user A?

My preemptive answer: CHMOD 777 all of Linux. It'll make everything run fantastically.

Fifthfiend 04-11-2011 02:39 PM
Quote:
Originally Posted by Smarty McBarrelpants (Post 1120581)
So if I understand this correctly (though I'm sure there are peple much better suited to help than me flying around):
Jar file is owned by user A
You are running as user B
You want to use Java (owned by root) to execute the jar as user B with the permissions of user A?
This is pretty much the idea yeah.

Quote:
Originally Posted by Smarty McBarrelpants (Post 1120581)
My preemptive answer: CHMOD 777 all of Linux. It'll make everything run fantastically.
Pretty much the goal of the exercise is to get this working while maintaining the various access levels.

rpgdemon 04-11-2011 03:08 PM
Note: Don't do this. At all.
 
Better answer: CHMOD 000, works even more fantastically.

Fifthfiend 04-11-2011 06:17 PM
When people show up at my door with pitchforks and torches wanting to know where their minecraft went I'm gonna give them your address.

Professor Smarmiarty 04-11-2011 06:22 PM
Yeah I'm not sure how to do that without doing it all in root and just putting in an extra command on the end of the script to set the permissions to that of the owner but that is clearly not ideal.
Sorries

Fifthfiend 04-11-2011 06:30 PM
Quote:
putting in an extra command on the end of the script to set the permissions to that of the owner
I actually launch the minecraft server from a script so if it is possible to set which permissions to execute java with in that script then that would actually work.

synkr0nized 04-11-2011 08:00 PM
hahaha chmod 777
 
Use chmod 4777 on the files in question. This should tell your filesystem that the files/scripts should run as the owner of the script. If you have something like the following:

users a, b
scripts x, y
a owns x, b owns y

Using chmod 4777 should make it so that when a executes y it runs with b's permissions. I haven't tried this myself yet but can make a couple stupid echo scripts to verify. I believe the order is to create the scripts under the correct user accounts (you can use sudo with a specified user or using the sudoers list to do this if needed), assign the permissions (i.e. execute chmod) as root, and then run them however you intend to run them under the regular user.

* e: chown may be of help, as well, in setting your owners.

Fifthfiend 04-11-2011 08:06 PM
HMMMMMMMMM

That sounds like it should work but to be clear

we have...

users a, b
script x
java
jarfile y

Script x tells Java to run Jarfile y. So if I chmod script X to run with the permissions of user A, will it pass that permission level onto Java / Jarfile Y?

Testing actually would be the best way to work this out, "set up some kind of test server for trying out this sort of thing without taking minecraft offline" is one of many entries on the ever-expanding list of things I am totally eventually going to do.

synkr0nized 04-11-2011 08:13 PM
I didn't do the other work I wanted to do today, so why not do this also.
 
Hmm. That is an added layer I glossed over.
While I only currently have myself and root on my testing box (though maybe Apache is a user, too), I was able to make a script and alter its permissions and ownership. But when running it, it just opened the file browser with my permissions, not root's. So how to transfer ownership to the thing called in the script...

What happens if you set the ownership of the .jar file itself? I have none to test.

I will see if I can get Nautilus to open as root when running as myself via the ownership thing (i.e. not cheating and using sudo :P).


*** edit
Actually that is maybe too round-about.
Why not have, in your script, a sudo -u command to execute the .jar as a specific user?
For example, using your labeling above, inside script x:

Code:
sudo -u b <comamnd to run .jar file>

Again, as my machine's listed users are limited, you may need to additionally provide user a with the capability to make use of sudo like this via the sudoers file. I was able to duplicate my script and add the sudo command to open programs as root, though I realize that's a much more common thing than as another user. Still, the principle should be the same, as that is the entire point of sudo.


All times are GMT -5. The time now is 10:54 PM.
Page 1 of 2 1 2
Show 80 post(s) from this thread on one page

Powered by: vBulletin Version 3.8.5
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.