[NCLUG] Need to write to non-owned file

Stephen Warren swarren at wwwdotorg.org
Fri May 11 18:12:21 MDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

bsimpson at att.net wrote:
> I am writing a C++ application that must read a file, alter it,
> then write it back out.  This file may be owned by another user,
> and be writable only by that user.  In this case I display a
> popup to enter that user's password.  Once I have that password,
> how do I write to that user's file?  In a shell environment, it's
> easy to switch users.  I need to do that within an application.

The answer is that you don't actually want to do this. Really. It's
going to be a *huge* security hole.

Consider the case where the user of your application tricks your program
into editing /etc/passwd or something like that.

Equally, you probably don't want your program to read the user's
password and authenticate the user; it's a pain. It would require (at
least part of) your program running as root, calling a bunch of complex
APIs like setuid/seteuid/setgid/setegid, and probably a bunch of other
complex stuff.

Instead, you're probably better off spawning a copy of su/sudo/login
(possibly within a spawned xterm etc. if it's a GUI app) and having that
prompt the user for the password, and running a command to write/edit
the file.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGRQZlhk3bo0lNTrURAs/UAKCwrhhwEsnK1Ty8/BTYEK1Uak2uMQCgomR1
PHAc3quIrhYboG5IZ8JkaYc=
=72f9
-----END PGP SIGNATURE-----



More information about the NCLUG mailing list