  1. #1
    Just Joined!
    Join Date
    Jan 2006
    Posts
    1

    Bash script running program as a certain user


    Hello all!
    I've got a server set up, and it's going to be streaming using the shoutcast server and sc_nsv to upstream to the shoutcast server directly from a playlist.

    Anyways, this doesn't matter much. But what does matter is that since the server is going to be streaming more than one channel, I've decided to create a small batch script to start all servers or stop all servers. I'm a bit concerned about security and I don't want these two processes running as root. I've already created a rather unprivileged user shoutcast in a group of the same name, but the thing is I have no idea how I could change which user a process runs from. The owner of sc_serv and sc_nsv is already set as shoutcast, but the running processes list shows the owner as root.

    Thanks for your help.

  2. #2
    Linux Guru Cabhan
    Join Date
    Jan 2005
    Location
    Seattle, WA, USA
    Posts
    3,252
    The way to do this is via the SUID bit.

    Basically, this is an extension to the execute permission that allows the script/app to be run with the permissions of the owner.

    So let's say that we want to run script 'ooga' as user 'shoutcast'. We do this:

    Code:
    chown shoutcast: /path/to/ooga  # Set shoutcast as the owner
    chmod +x /path/to/ooga # Make ooga executable
    chmod u+s /path/to/ooga # Set the SUID bit (a plain +s would also set the SGID bit)
    Then, when ooga is run, it will run with the owner's permissions.

  3. #3
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    That's not the canonical way of doing it. The SUID bit is intended for controlled privilege escalation, not the opposite. In particular, since only the EUID is augmented by the SUID (leaving the real and saved UID as root), a process which has had root privileges "dropped" by the SUID bit could go back to being true root by just calling setuid(0).

    I take it the script itself runs as root, correct? In that case, the correct way is to just use su:
    Code:
    su - shoutcast -c sc_serv  # -c hands the command to shoutcast's login shell
    Since you are already root, it will not ask for password, but just switch to the specified user.
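
The difference raised in post #3 can be checked on a running server from the `Uid:` line of `/proc/<pid>/status`, which lists the real, effective, saved and filesystem UIDs. The script below is an added example, not part of any post in the thread; the function names `classify_uid_line` and `audit_pid` are hypothetical, and the sample lines (with UID 1001 standing in for shoutcast) are constructed.

```shell
#!/bin/sh
# Classify a "Uid: real effective saved fs" line from /proc/<pid>/status:
#   root         effective UID is 0
#   recoverable  effective UID is non-zero, but the real or saved UID is
#                still 0, so setuid(0) would succeed
#   dropped      real, effective and saved UIDs are all non-zero
classify_uid_line() {
    set -- $1                      # split into: Uid: real eff saved fs
    if [ "$#" -ne 5 ] || [ "$1" != "Uid:" ]; then
        echo unparsed; return 2
    fi
    case "$2$3$4$5" in
        *[!0-9]*) echo unparsed; return 2 ;;
    esac
    if [ "$3" -eq 0 ]; then
        echo root
    elif [ "$2" -eq 0 ] || [ "$4" -eq 0 ]; then
        echo recoverable
    else
        echo dropped
    fi
}

# audit_pid <pid> [procroot]: classify a process; procroot defaults to /proc
audit_pid() {
    line=$(grep '^Uid:' "${2:-/proc}/$1/status" 2>/dev/null) || {
        echo missing; return 2
    }
    classify_uid_line "$line"
}

# Constructed samples; the real file separates the fields with tabs.
SAMPLE_SU="Uid: 1001 1001 1001 1001"      # started through su: every UID switched
SAMPLE_EUID_ONLY="Uid: 0 1001 1001 1001"  # SUID binary run by root: real UID still 0
SAMPLE_ROOT="Uid: 0 0 0 0"                # never dropped anything

for s in "$SAMPLE_SU" "$SAMPLE_EUID_ONLY" "$SAMPLE_ROOT"; do
    printf '%-26s -> %s\n' "$s" "$(classify_uid_line "$s")"
done
```

After the start script has launched the servers, `audit_pid` with the PID of each `sc_serv` or `sc_nsv` process should report `dropped`.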
