Wildfire is not dropping privileges w/ "su -c './wildfire start' jive"

It seems that doing

su -c command jive

does not drop root privileges.

For example

su -c "touch /root/test" jive

creates /root/test, even though jive has no write permission for /root.

This means that wildfire is not really dropping privileges. When I used one of Dan Bernstein's tools (setuidgid jive touch /root/test) I'm told that I don't have permission, which is what I expect. When I do

setuidgid jive ./wildfire start

wildfire starts, but does not function correctly (I can't connect).

Any ideas about how I can drop privileges and still work correctly?

Thanks,

Doug

Hi,

I have a small problem understanding why you want to start Wifi as root. I'm starting Wifi as a normal user (using the .tar.gz file to extract/install it in $HOME). If you want to execute the "wildfire" script as root you may change the java call to launch java as a normal user to start/stop Wifi.

I hope that this is possible with the Bernstein tools, I don't know them.

LG

Hi Doug,

It might seem stupid advice but try to run su jive -c './wildfire start', su expects the first param to be the username. You can easily check it by running:

su jive -c "whoami"

and compare it with running:

su -c "whoami" jive

Cheers,

Tom

Tom,

I tend to get that backward (as my post indicates). I'll double check tonight, but I'm pretty certain that I had it correct during my test. Thanks for the reminder!

Doug

LG:

I've installed the program in /opt/wildfire per the recommendation. I'm starting it from a script run as root since it is being started as a system daemon – but of course I do not want to run it as root. That's why I'm trying to drop privileges to a restricted user ("jive").

Your comment that it is running as a normal user when installed in $HOME is quite helpful – it looks like it's some kind of write permission, so I should be able to track it down from there.

Thanks,

Doug

Hi Doug,

my comment was really just about the order of su's parameters which is important in this case as the username must be the first parameter. When you run your original command "su -c './wildfire start' jive" it must run under root account, but if you start it as "su jive -c './wildfire start'" then it should run under jive user.

Try it and let me know the result.

Tom

I've installed wildfire in /opt/wildfire and am running it with restricted user "jive" with a daemon (wildfired). So it should be a permission problem if you can't. Though you didn't mention if you have any problems by running wildfire logged in or su as jive user.

Hi Doug,

our system admin creates the scripts in /etc as I don't have any write permissions there. They are as far as I know a line long with something like (not sure about the right syntax):

su - wifi -c "/home/wifi/bin/wildfire $1"

I need no system admin or s-bits to update Wifi or to stop it manually. And system startup and shutdown runs fine.

LG

Yup that was it (testing su w/ the command and user backward). Sorry everyone for the false alarm, but thanks for all your help.

Doug
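
The thread turned on a launch command that quietly kept running as root. As an added example (not from the thread or from the Wildfire project), here is a guard the script started by su could call so that a failed privilege drop stops the daemon instead of starting it as root. The function names are hypothetical, the account "jive" is the one from the thread, and the gid 0 check goes slightly beyond what the thread discusses.

```shell
#!/bin/sh
# Added example: identity guard for a daemon launcher started from a root
# init script. Function names are hypothetical; "jive" is the thread's account.

# identity_ok EXPECTED_USER ACTUAL_USER ACTUAL_UID "ACTUAL_GIDS"
# Pure check, so it can be exercised with constructed values.
# Returns 0 only if the process runs as EXPECTED_USER, is not uid 0, and
# has no gid 0 among its primary or supplementary groups.
identity_ok() {
    expected=$1; user=$2; uid=$3; gids=$4
    if [ "$uid" = "0" ]; then
        echo "refusing to start: still uid 0" >&2
        return 1
    fi
    if [ "$user" != "$expected" ]; then
        echo "refusing to start: running as '$user', expected '$expected'" >&2
        return 1
    fi
    for g in $gids; do
        if [ "$g" = "0" ]; then
            echo "refusing to start: gid 0 still in group list" >&2
            return 1
        fi
    done
    return 0
}

# guard_identity EXPECTED_USER
# Applies the check to the identity this shell actually has right now.
guard_identity() {
    identity_ok "$1" "$(id -un)" "$(id -u)" "$(id -G)"
}

# start_guarded EXPECTED_USER COMMAND [ARGS...]
# Replaces the shell with COMMAND only when the guard passes.
start_guarded() {
    expected_user=$1; shift
    guard_identity "$expected_user" || return 1
    exec "$@"
}

# Example use inside the script that su invokes (run from its directory):
#   start_guarded jive ./wildfire start
```
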