Date: Tue, 19 Jun 2001 10:17:42 -0500 From: Mike Meyer <mwm@mired.org> To: Eric Boucher <eric_boucher60@yahoo.com> Cc: questions@freebsd.org Subject: Re: TCL/TK: starting a process by root from a user Message-ID: <15151.27926.269821.788368@guru.mired.org> In-Reply-To: <48884089@toto.iv>
next in thread | previous in thread | raw e-mail | index | archive | help
Eric Boucher <eric_boucher60@yahoo.com> types: > Hi everybody, > > I want to know if something is possible to do with the > TCL language: I want to start a process that only root > have the permission to start. So I when the user start > my little TCL script, it will ask the normal user for > a password (not the root one of course) and if that > password is valid, it will map that password to the > one of the root and then start the process by root. So > the TCL script will contain the root password, but I > don't want that other user can see it, but can execute > it. Is there a way with the TCL language to do such a > thing? (Note: the process that I want to be started by > a user is a daemon). I'm pretty sure the answer is no, but the problem isn't tcl, it's the FreeBSD suid system. You're going about this all wrong for Unix. If you make the script mode 700 and executable by root, the sudo port should do pretty much what you want as is. You might take a look at that. If you really want to do it by hand, you'll need a C program that starts the tcl script - because FBSD ignored the suid bit on interpreted commands - and then have the script use getpwuid to get the encrypted password, get what the user thinks the password is, and test them. I can provide python showing how to do this, but I have no idea how you'd do it with tcl. It might be easiest to have the C program do the password checking, but then it's doing pretty much what sudo does. <mike -- Mike Meyer <mwm@mired.org> http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15151.27926.269821.788368>