Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic
 
PerlMonks  

root-owned script needs to "shell out" to bash as a non-privileged user. How?

by mrfirmware (Initiate)
on Jan 16, 2013 at 16:12 UTC ( #1013604=perlquestion: print w/ replies, xml ) Need Help??
mrfirmware has asked for the wisdom of the Perl Monks concerning the following question:

I feel like I've read every search hit I've found so far and no one seems to need to shell out to a proper bash shell from within a Perl program.

We have a Perl program running with root privileges that presents the user with a friendly yet limited CLI. It allows them to do root-y things safely to operate the product.

This works for 95% of the operations that the user needs to do on our product. However, we sometimes need to do some database things as the database user account (regular user, not root). The list of things that users may wish to do as this user (account) are many and not worth trying to encapsulate with our Perl CLI.

So I'd like to change my UID/GID to the database user, e.g. 'dbuser:dbuser', and then system('/bin/bash -i'). When the user is done with this 'mode' they type exit and are returned to the Perl CLI. I can't use 'su' here because I get 'not a tty' errors. I'm also failing to get the $< and $( to work as I had hoped.

Is this possible? If so, how?

Thanks!

Comment on root-owned script needs to "shell out" to bash as a non-privileged user. How?
Re: root-owned script needs to "shell out" to bash as a non-privileged user. How?
by choroba (Abbot) on Jan 16, 2013 at 16:28 UTC
    Instead of su, use sudo:
    system '/usr/bin/sudo', '-u', $username, '/bin/bash', '-i';
    لսႽ ᥲᥒ⚪⟊Ⴙᘓᖇ Ꮅᘓᖇ⎱ Ⴙᥲ𝇋ƙᘓᖇ
      Ok, color me embarrassed. That worked great. Thank you very much.
Re: root-owned script needs to "shell out" to bash as a non-privileged user. How?
by aitap (Deacon) on Jan 16, 2013 at 19:05 UTC

    Where do you run your script on, so it doesn't have a tty, but can be run interactively?

    A pure-perl approach to this problem looks like this:

    if ((my $pid = fork) == 0) { $< = getpwnam "dbuser" || die "getpwnam: $!"; $( = getgrnam "dbuser" || die "getgrnam: $!"; exec "/bin/bash", "-i" or die "exec: $!"; } elsif ($pid > 0) { waitpid $pid, 0; } else { die "fork: $!"; }
    Sorry if my advice was wrong.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://1013604]
Approved by davies
Front-paged by Lotus1
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others rifling through the Monastery: (10)
As of 2014-10-21 10:41 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    For retirement, I am banking on:










    Results (100 votes), past polls