0

According to https://unix.stackexchange.com/a/489913/674

cron jobs can run as any user, without that user being logged in.

root doesn’t need to log in to start the init process, thankfully (imagine handling a fleet of thousands of servers and millions of VMs otherwise);

If I want to run a process, with me as its owner, without logging in, how can I do that at both system/library call level and utility level?

If root wants to do that, how can it do it?

How can a service user which can't log in start a process as its owner or become its owner later?

Is the only way to call setuid() or seteuid() in the program run by the process?

Thanks.

Community
  • 1
Tim
  • 98,580
  • 191
  • 570
  • 977
  • 2
    I do not understand the point of the question. Where is the complication or novelty of a user setting up his own crontab? – Rui F Ribeiro Dec 19 '18 at 13:49
  • 1
    `crontab -u user -e` – RubberStamp Dec 19 '18 at 13:53
  • 1
    A process doesn't have an owner until it's started, so that part of the question should be reworded, I think. – Jeff Schaller Dec 19 '18 at 13:53
  • 2
    Possible duplicate of [su options - running command as another user](https://unix.stackexchange.com/questions/1087/su-options-running-command-as-another-user) – muru Dec 19 '18 at 13:56
  • >If I want to run a process ~as~ and become its owner without logging in .... The question is now a completely different topic. – RubberStamp Dec 19 '18 at 13:59
  • @RubberStamp Without logging in, to start a process as its owner, I will have to start another process first and change to become its owner and then that process forks a process with me as its owner? – Tim Dec 19 '18 at 14:13
  • My point was and is, your question seems to have morphed from one topic to another and ... as is... is not well defined or worded. I think I understand your question *now*, but it may be better worded like: **How can I duplicate cron's ability to start a process as any valid user?** .... And I think the answer is found in cron's source tree ... `do_command.c` ... `static void child_process __P((entry *, user *)), do_univ __P((user *));` ... but this is a simple cursory look. – RubberStamp Dec 19 '18 at 14:23
  • Maybe I don't get what this is about, but root can "become" any user by calling `setuid()` &co. When a user logs in, the programs they're using to log in is doing the same -- with the inconsequential difference that it *may* write some useless & untrustworhy garbage to `/var/run/utmp`. `cron` is switching the user without doing that -- thence the nebulous idea that it somehow runs as a user without that user being "logged in". –  Dec 19 '18 at 15:56
  • @mosvy thanks. Do a service user start a process as its owner or become its owner later without logging in, by starting with root and then setuid() to the service user? – Tim Dec 19 '18 at 16:09
  • Are you asking “how do I start a program, as another user?”? – ctrl-alt-delor Dec 19 '18 at 16:57
  • @ctrl-alt-delor Yes................................................................ – Tim Dec 19 '18 at 17:00
  • Actually...Login is also not a well-defined concept, only session-manager like `systemd-logind` or `ConsoleKit` cares about that, the kernel, doesn't. There're so many commonly used concept not defined at kernel-level, I think you should know that. Since you can always change userspace apps you use(Yeah, that's why sometimes I say open source sucks), all concept defined in userspace might change with the distro. – 炸鱼薯条德里克 Dec 20 '18 at 04:51
  • What "service user" do you mean by? Service processes are started by service manager, which is usually fork(), setuid(), exec() , but please notice that after exec(), the code of the service program itself might call setuid() as well, which , of course, also affects the UIDs of service process. [some service manager don't do setuid() but rely on the service program itself]. – 炸鱼薯条德里克 Dec 20 '18 at 04:55
  • @神秘德里克 Is there some system call(s) for login? Does login only refer to using the program `login`? Do `su` and `sudo` count as login? Does `cron` count as login? `sshd` invokes program `login`, so `sshd` is also login? – Tim Dec 20 '18 at 05:07
  • @Tim. No. Only syscall to create threads or process. That's why I say kernel doesn't care about login. – 炸鱼薯条德里克 Dec 20 '18 at 05:09
  • @神秘德里克 what did Stephen mean by login in https://unix.stackexchange.com/a/489913/674 then? – Tim Dec 20 '18 at 05:11
  • Why do you like to ask the same question again and again? Like I said about daemons, userspace processes might care about that, but may different from human's mind. So please define C before you ask "Is this counted as C?" .Back to your question, by systemd with logind, on Arch Linux. `su` or `sudo` doesn't create logind session, so common answer for this situation is no. But for human, you get an CLI or GUI or control board or vending machine button or a key of a locker, you logined into the system. – 炸鱼薯条德里克 Dec 20 '18 at 05:16
  • Usually we use the concept with a (context implied) particular userspace. Like I said no, with common userspace and configuration of ArchLinux. – 炸鱼薯条德里克 Dec 20 '18 at 05:19
  • Did you see my comment starting from "Actually…"⁇ – 炸鱼薯条德里克 Dec 20 '18 at 05:20

1 Answers1

2

There are 3 ways to change user of a process in Unix.

2 system level ways to change user of a process

  • if the process has capability CAP_SETUID, traditionally root has this capability (and all other capabilities), then it can use setuid, setreuid, setresuid, setfsuid, system calls, to change to any other user. Any other user can shuffle uids: A process has 3 uids, it can move them around, at will: it can swap them, or remove them until it is down to one. It can not add uids, unless it has capability CAP_SETUID. In general a process can only loose privileges or move them around, using these system calls. These calls allow the program to continue.
  • exec a suid executable: If an executable file has its suid bit set, and if it is of a valid type (not a scripts, not java, not …), then when it is run, its effective user id is changed to that of the files owner. (same can be done for group with sgid bit). This is the only way to gain privileges. The current program ends when exec is called, it is replaced with the new program, but it is the same process, it also inherits open files (e.g. stdin, stdout, stderr).

fork dose not change user. A forked process is an exact duplicate of its parent, with a few exceptions (see man fork). In particular the uid, gid, and capabilities are not changed.

Utility methods

These programs use the 2 system methods described above.

  • use sudo or su:
    • su will ask for the password of the other user.
    • sudo will ask for your password, but will only work if you are registered in the sudoers file.

sudo, su, login, cron etc use the 2 system methods. (And will create a new process. The other system methods do not create a new process.)

What does sudo, su do?

#↳ ll /usr/bin/sudo
-rwsr-xr-x 1 root root 155K Sep  9  2017 /usr/bin/sudo*

As use can see the sudo executable is owned by root, and has the suid bit set (the s, where you would expect to see the first x).

When sudo is run, it runs as root (don't try this, unless you know what you are doing). It then does security checks. Then it uses set??uid to become the required user, it then execs (and maybe a fork) the required program.

Running a process, without logging in

Use some timed start service.

  • cron
  • at

Send a network message, e.g. a web-server may run a task in response to a web request.

Use automated login: use ssh to launch a process, via a script on another machine.

Community
  • 1
ctrl-alt-delor
  • 27,473
  • 9
  • 58
  • 102
  • Thanks. Would like to know more about how "Send a network message, e.g. a web-server may run a task in response to a web request" starts a new process with a different user? – Tim Dec 20 '18 at 04:05
  • I believe root process can drop this capability, I know it's nit-picking, but I think it would be better without mentioning "root has this", after all, capability set in indepent from process UIDs, right? – 炸鱼薯条德里克 Dec 20 '18 at 04:41
  • 3
    @Tim Your (later) edits to the answer are confusing. First of all, a process can never be "not running". Secondly, the whole `Running a process, without logging in, means changing the user of a running process, without invoking the login program. (?)` reads like a question that should have been a comment. – Kusalananda Dec 20 '18 at 07:28
  • @Tim additionally, `login` isn’t often involved when logging in; for example, logging in using a display manager, or connecting with SSH, doesn’t involve `login`. – Stephen Kitt Dec 20 '18 at 08:41
  • I reverted @Tims edits, and then incorporated the bits that were useful: changed layout of answer, so it maps better to the question. (there were many bits that were incorrect or misleading). – ctrl-alt-delor Dec 20 '18 at 19:47
  • @Kusalananda I wrote "changing user of a running process" to contrast to that I am not sure if you can `fork()` a new process with a different user. – Tim Dec 21 '18 at 15:58
  • I added some more on `set?id` and `exec`, and added a section on `fork` (fork is **not** a method to change user) – ctrl-alt-delor Dec 21 '18 at 20:11