Results 1 to 3 of 3
Enjoy an ad free experience by logging in. Not a member yet? Register.
- Join Date
- Jan 2006
Bash script running program as a certain user
I've got a server set up, and it's going to be streaming using the shoutcast server and sc_nsv to upstream to the shoutcast server directly from a playlist.
Anyways, this doesn't matter much. But what does matter is that since the server is going to be streaming more than one channel, I've decided to create a small batch script to start all servers or stop all servers. I'm a bit concerned about security and I don't want these two processes running as root. I've already created a rather unpriviledged user shoutcast in a group of the same name, but the thing is I have no idea how I could change which user a process runs from. The owner of sc_serv and sc_nsv are already set as shoutcast, but the running processes list shows the owner as root.
Thanks for your help.
The way to do this is via the SUID bit.
Basically, this is an extension to the execute permission that allows the script/app to be run with the permissions of the owner.
So let's say that we want to run script 'ooga' as user 'shoutcast'. We do this:
chown shoutcast: /path/to/ooga # Set shoutcast as the owner chmod +x /path/to/ooga # Make ooga executable chmod +s /path/to/ooga # Set the SUID bit
- Join Date
- Oct 2001
- Täby, Sweden
That's not the canonical way of doing it. The SUID bit is intended for controlled privilege escalation, not the opposite. In particular, since only the EUID is augmented by the SUID (leaving the real and saved UID as root), a process which has had root privileges "dropped" by the SUID bit could go back to being true root by just calling setuid(0).
I take it the script itself runs as root, correct? In that case, the correct way is to just use su:
su - shoutcast sc_serv