0

What is the best way to run Linux commands that require "su" with Java? I want it to be very reliable, as for security goes I don't care much about it the system is not a production server. No one ever connects to the machine but myself. I thought about logging in as root so I don't have to deal with the su command and its disabled by default. I'm using Debian 6.

The only thing is that one of my requirements is that the program should start after the normal user logs in without any farther user input. I would set auto login for the normal user and when the computer is turned on and after the normal user logs in I would want that Java program to run as sudo, su without any user input. Would that be possible?

Please tell me a simple and reliable solution.

Regards

hsanders
  • 1,913
  • 12
  • 22
Arya
  • 8,473
  • 27
  • 105
  • 175
  • I think you should improve this question a bit more: What do you hope to achieve by doing this? Are you trying to use su (which is really just switch user) to run as a non-root user? Are you trying to run commands as root, and what are you trying to get to as an end goal by using root? If you answer these questions it'll be easier to show you what to do. – hsanders Jun 21 '12 at 16:57
  • just throwing this out there for thought: I wonder if you could just use your password in the application when executing the commands somehow - since you said it's for your own use – user12345613 Jun 21 '12 at 16:58
  • As a matter of opinion, if you want your Java program to be reliable don't make it rely on external programs. – maksimov Jun 21 '12 at 16:59
  • 1
    I would do it a different way. Before you run the program, ensure that whoever is running the program is root (and I think that may be the way it is normally done, not sure). i.e., on startup, make a system call and if the user is not root, exit. – Chris Dargis Jun 21 '12 at 17:01
  • @hsanders I'm trying to run commands as su or sudo from Java like reboot, pon, poff, etc ... – Arya Jun 21 '12 at 17:02
  • @VanDarg is there anyway to make the program run as root when I'm logged in as a normal user? – Arya Jun 21 '12 at 17:05
  • Yes, in the terminal the command is sudo java -jar pathToJarFile. This will prompt user for a password. To run the program as root, you have to run with sudo. – Chris Dargis Jun 21 '12 at 17:07
  • @VanDarg I see, the only thing is that one of my requirements is that the program should start after the normal user logs in without any farther user input. I would set auto login for the normal user and when the computer is turned on and after the normal user logs in I would want that Java program to run as sudo, su without any user input. Would that be possible? – Arya Jun 21 '12 at 17:13
  • @Arya: Try running the command `gksudo java -jar pathToJarFile` on startup. This should prompt a dialog box to the user that asks for the root password when the computer starts up, if you don't mind that. – Chris Dargis Jun 21 '12 at 17:17
  • 1
    @J-16 SDiZ I think has the right answer. When you're executing one particular command you don't need to do sudo su - root to do that command, you just use sudo. Set up the list of commands in your sudoers file using visudo, set them to run without a password as the user who will run the java program, and then the java program will be able to run those commands. – hsanders Jun 21 '12 at 17:34
  • @hsanders: That is certainly one way yes. I can think of a few security problems doing it this way. I think it is a better idea to prompt a user for a password. – Chris Dargis Jun 21 '12 at 17:39
  • 1
    @VanDarg You can limit what can be used through sudo, it's not really a big problem because you can limit what it does. It's probably a lot worse to run the whole java program as root using gksudo than it is to run a few commands from it as root with no password, as any vulnerabilities in the JVM or in anything the program does automatically become a way to root the machine, whereas if it can just run a limited subset of commands on the system that isn't the case. You don't always want the end user to have that user account's password anyhow to be able to type it in, like at a library kiosk. – hsanders Jun 21 '12 at 17:45
  • @hsanders: I am new(er) to Linux. I did not know that you can put a limit on what can be used through `sudo`. The other answer is obviously WAY better :) – Chris Dargis Jun 21 '12 at 17:48

2 Answers2

3

Use sudo instead. It can be configed to allow specific command run without typing in password.

J-16 SDiZ
  • 26,473
  • 4
  • 65
  • 84
0

For running programs that require root access, they should be run with sudo. The user will be asked to enter a password. As mentioned in the previous answer, sudo can be used to configure commands to be run as root that do not require entering a password. Try looking at the man page for sudo for more information regarding that.

If you want to run programs on system startup, you can write a bash script to run the command gksudo java -jar path when the user logs in. This will prompt the user with a dialog box to enter a password.

I also recommend doing a system call at the beginning of the program to ensure root access.

Chris Dargis
  • 5,891
  • 4
  • 39
  • 63