groundstate has asked for the wisdom of the Perl Monks concerning the following question:

Please end my suffering...

I'm writing an application (call it "main") in Perl. I want it to be executed by a normal user, but I want applications launched by "main" to run as root. I do NOT want "main" to run as root. I think I can make a pam.d file like this, and name it the same as "main".

auth sufficient pam_rootok.so
auth required pam_console.so
account required pam_permit.so

The Authen::PAM man page does not explain what code to use to launch a second application as root though.

Re: Authen::PAM Help
by meredith (Friar) on Jul 16, 2004 at 20:20 UTC

    Your app has to run as root to do what you want. PAM is just a library, and can't promote your privileges on its own. What I would suggest is sudo. You can configure it to run without asking for the user's password, and you can configure a list of apps that are OK to run as root. See your man pages for details.

    mhoward - at - hattmoward.org
      Okay, fine... but I will still need my app to execute some binaries as the original user. Maybe PAM isn't the way to do it. Is there not a way I can run app A (as user or root, I don't care, but must be written in perl), and have app A execute various binaries both as the *original* user and some others with root privileges?

        Umm, yeah....

        • user: system "/usr/bin/foo";
        • root: system "sudo /usr/bin/foo";

        You could run the app as root, and use sudo -u or fork, then drop privs, but that's just a bad idea.

        mhoward - at - hattmoward.org
        sudo -u <username> <command>

        Update: Sorry, I guess I misread "some others" as referring to other users instead of other programs. Anyway, you can use sudo to run programs as any user (if you have rights to do so) not just as root.
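
The sudo approach suggested in the replies, written out as an added example (not code from any poster in this thread). It assumes a sudoers entry like the one in the comment; the account name "appuser", the allow list and the use of /usr/bin/id are illustrative assumptions, and /usr/bin/foo is the placeholder path from the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed sudoers entry (edit with visudo; "appuser" is a placeholder account):
#   appuser ALL=(root) NOPASSWD: /usr/bin/foo

# Only these absolute paths may be run through sudo; keep it in step with sudoers.
my %ROOT_OK = map { $_ => 1 } ('/usr/bin/foo');

# Turn $? into an exit code, dying if the child never ran or was killed.
sub check_status {
    my ($label) = @_;
    if ($? == -1) { die "failed to execute $label: $!\n" }
    if ($? & 127) { die sprintf("%s died with signal %d\n", $label, $? & 127) }
    return $? >> 8;
}

# Run a command with the privileges "main" already has (the invoking user).
sub run_as_user {
    my @cmd = @_;
    # List form of system: no shell is involved, so arguments are never re-parsed.
    system { $cmd[0] } @cmd;
    return check_status("@cmd");
}

# Run one allow-listed binary as root through sudo.
sub run_as_root {
    my ($path, @args) = @_;
    die "refusing to run '$path' as root: not on the allow list\n"
        unless $ROOT_OK{$path};
    # -n: fail instead of prompting when sudoers does not allow a passwordless run.
    # --: everything after it is the command, never an option to sudo.
    my @cmd = ('sudo', '-n', '--', $path, @args);
    system { $cmd[0] } @cmd;
    return check_status("@cmd");
}

# "main" itself stays unprivileged, as the question requires.
die "main must not be started as root\n" if $> == 0;

my $rc_user = run_as_user('/usr/bin/id', '-u');   # runs as the original user
my $rc_root = run_as_root('/usr/bin/foo');        # runs as root via sudo
print "user command exit: $rc_user, root command exit: $rc_root\n";
```

A non-zero exit from the sudo call usually means the sudoers rule is missing or does not match the exact path.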