[NMLUG] help with sudo

Subject: [NMLUG] help with sudo
From: pi at pihost.us (Anthony Martinez)
Date: Sun, 30 Sep 2007 22:06:31 -0600
In-reply-to: <72799cd70709251715h486ac0b4keadc3cfc5dd757ed@mail.gmail.com>
References: <72799cd70709251715h486ac0b4keadc3cfc5dd757ed@mail.gmail.com>

On Tue, Sep 25, 2007 at 06:15:28PM -0600, Chris McMahon wrote:
> Hi NMLUG...
> 
> For a complicated reason, I need to run a script that sets euid to
> several different values.  I have sudo ALL privileges, but I won't get
> root on the machine in question.
> 
> Under sudo, I can set euid once, but I haven't figured out a way to
> set euid more than once.  Here's a toy Ruby script that shows the
> problem:
> 
> #################
> euids = [2205, 2206, 2207]
> 
> euids.each do |id|
> 
>     Process.euid = id
>     puts "euid is: "
>     puts Process.euid
> 
> end
> ####################

Just as an aside, I'd probably encapsulate that into a method like the
following:

def run_as_euid(euid)
    orig_euid = Process.euid
    Process.euid = euid
    yield
    Process.euid = orig_euid
end
[2205,2206,2207].each do |e|
    run_as_euid(e) do
        puts "euid is: #{Process.euid}"
    end
end

That's a matter of preference, though :)
> 
> Here's the output of this script running as me, and under sudo:
> 
> cmcmahon at machine:~$ ruby sudodemo.rb
> sudodemo.rb:7:in `euid=': Operation not permitted (Errno::EPERM)
>         from sudodemo.rb:7
>         from sudodemo.rb:5:in `each'
>         from sudodemo.rb:5
> cmcmahon at machine:~$ sudo ruby sudodemo.rb
> euid is:
> 2205
> sudodemo.rb:7:in `euid=': Operation not permitted (Errno::EPERM)
>         from sudodemo.rb:7
>         from sudodemo.rb:5:in `each'
>         from sudodemo.rb:5
> cmcmahon at machine:~$
> 
> 
> I also have access to the user whose euid is 2205, and that user also
> has sudo ALL privileges.  I've tried doing "sudo -v" as the 2205 user
> and then running the script as me, but I get the same result.
> 
> It may not be possible to do what I want to do, but any suggestions
> would be appreciated.
> Thanks,
> -Chris
> _______________________________________________
> NMLUG mailing list
> NMLUG at nmlug.org
> http://lists.b9.com/cgi-bin/mailman/listinfo/nmlug
> 

-- 
All C programs do the same thing: look at a character and do nothing with it.
-- Peter Weinberger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.b9.com/pipermail/nmlug/attachments/20070930/4cd6430a/attachment.pgp

References:
- [NMLUG] help with sudo
  - From: christopher.mcmahon at gmail.com (Chris McMahon)

Prev by Date: [NMLUG] help with sudo
Index(es):
- Chronological
- Thread

Please send sugestions and comments to webmaster@nmlug.org.