2

I have written a C++ script that disables or enables users within a Solaris environment. This is done by calling passwd through:

sprintf(cmd, "/usr/bin/passwd -l %s", argv[1]);

However, the script is not executed by root, but by another user. While the script executes, the passwd changes are not done. It seems this is an issue with the user permission on passwd.

However, it seems that only root can modify passwd. Is this true? Can something else be done, in the sense that passwd can be modified by other users?

undur_gongor
  • The user needs to have root permission. – raj raj Jun 05 '13 at 09:49
  • This question is not related to C++. It's an issue (a feature) of Solaris you are struggling with. unix.stackexchange.com is the place to go to. `suid` might be what you are looking for. – undur_gongor Jun 05 '13 at 09:57
  • Hi undur_gongor, yes, you are right, this is a Solaris/Unix issue, but I wanted to provide some information before proceeding with the question. –  Jun 05 '13 at 10:04

2 Answers

1

You need root permission in order to do that. However, you can configure sudo to allow the execution of your binary as root for a specified user.

Another solution would be to setuid the binary. However, care must be taken when doing that.

Xaqq
  • For instance, doing that with the code shown above would be an instant security hole, as it uses `sprintf` with a user-provided argument and no limit on the data written to the cmd buffer - either `asprintf` or `snprintf` needs to be used instead to be safe. – alanc Jun 06 '13 at 14:08
  • @alanc Yeah I know, that's why I wrote that care must be taken if he chooses to do that. Executing commands based on user input is often dangerous. – Xaqq Jun 06 '13 at 14:59
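
A hardened form of the call discussed in the comments above, as an added example that is not code from the question or from either answer: it validates the user name against an allowlist and runs `/usr/bin/passwd -l` directly with `execve`, so neither a fixed-size command buffer nor a shell is involved. The lowercase-only name policy, `MAX_USER`, and the function names are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_USER 32 /* assumed site limit for this example */

/* Allowlist check (assumed policy): lowercase first letter, then [a-z0-9_.-]. */
int valid_username(const char *u)
{
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz0123456789_.-";
    size_t n = u ? strlen(u) : 0;
    if (n == 0 || n > MAX_USER) return 0;
    if (u[0] < 'a' || u[0] > 'z') return 0; /* a leading '-' would be read as an option */
    return strspn(u, ok) == n;
}

/* Build the argument vector; the name stays one argv element, never re-parsed. */
int build_lock_argv(const char *user, const char *av[4])
{
    if (!valid_username(user)) return -1;
    av[0] = "passwd"; av[1] = "-l"; av[2] = user; av[3] = NULL;
    return 0;
}

/* Returns passwd's exit status, or -1 if validation, fork or wait fails. */
int lock_user(const char *user)
{
    const char *av[4];
    char *const envp[] = { "PATH=/usr/bin", NULL }; /* fixed, minimal environment */
    int st;
    pid_t pid;
    if (build_lock_argv(user, av) != 0) return -1;
    if ((pid = fork()) < 0) return -1;
    if (pid == 0) {
        execve("/usr/bin/passwd", (char *const *)av, envp);
        _exit(127); /* exec failed */
    }
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st);
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s user\n", argv[0]); return 2; }
    return lock_user(argv[1]) == 0 ? 0 : 1;
}
```

Input validation does not decide who may lock which account; that still has to come from the sudo rule or other privilege configuration the answer describes.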
0

The process should have CAP_SETUID capability and user id is to be set to 0.

raj raj
  • Capabilities are for Linux - on Solaris it needs privileges instead. (Similar concepts, different implementations.) – alanc Jun 06 '13 at 14:09