Score:2

How to give partial user access to systemctl without sudo/su/root

ua flag

I'm a bit new to this, so I'm not sure where to look.

I have access to a server that has a command that executes a limited version of systemctl, and I want to expand it.

The command acts as follows: It allows specific users without sudo rights to execute systemctl. It only allows the user to run systemctl on 3 specific services.

I took a peek at how this was originally accomplished, and the creator of this command made an executable file (ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa, for GNU/Linux 3.2.0, stripped) that is owned by root and has the setuid bit set. I tried decompiling the executable and it seems to just check if the user is a specific user and then run systemctl as root.

I have two issues:

  1. I'm not sure how to turn this back into valid source code.
  2. I'm concerned about security risks with using the setuid bit.
Score:1
us flag

It's not really clear what you're trying to do as an end goal:

  • Are you trying to reverse engineer a custom compiled binary?
  • OR are you trying to grant systemctl to a non-root user?

Each of those should be composed as their own separate questions.

First, if you are trying to "decompile" a binary executable, there is no real easy answer to turn it back into source code, and if you have no access to the code or build methods you should just start over building a custom solution or do something else to accomplish your goal. A compiled binary executable doesn't even know what language it was originally written in, let alone being able to turn itself back into source code. You do have some basic ELF info though, so maybe start here: https://reverseengineering.stackexchange.com/

Secondly, to answer your primary question (ignoring the reverse engineering binaries portion of the question): you can use the existing sudoers system to grant specific "root/sudo" commands to a non-root user. Here is an example sudoers line:

nancy ALL=(ALL) /usr/bin/systemctl restart nginx

This allows the nancy user to run sudo systemctl restart nginx but they are not allowed to do anything else with sudo. You can expand this out as necessary for your use-case and allow the user (or group) to run different specific commands.

Gabriel Grinspan
ua flag
Thank you. The initial plan was to reverse engineer the executable and give the user access to systemctl via another command, but this accomplishes the same end goal. I was able to use `gabe ALL=(ALL) NOPASSWD: /usr/bin/systemctl *my-service`. I also plan on making a bash script that makes this into another command.
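The wrapper script and sudoers rules the thread converges on, written out as an added example (this is not code from the question, the answer or the commenter). It assumes a wrapper named svcctl, a user gabe, and two services, nginx and my-service; all of these are placeholders. Two points the answer leaves implicit are built in: the wrapper itself needs no setuid bit, because sudo does the privilege transition, and the sudoers fragment spells out every action/service pair instead of using a wildcard, since sudoers(5) documents that a `*` in a command argument also matches white space, so a rule like `systemctl *my-service` would match `systemctl stop sshd my-service` as well.

```sh
#!/bin/sh
# Added example, not from the thread. svcctl: let an unprivileged user run an
# allowlisted systemctl action on an allowlisted service via an explicit
# sudoers fragment. User "gabe", the service names and the file name
# /etc/sudoers.d/svcctl are assumptions for the example.
set -eu

SERVICES="nginx my-service"          # assumed: services to expose
ACTIONS="start stop restart status"  # assumed: verbs worth delegating
SYSTEMCTL=/usr/bin/systemctl         # absolute path, as sudoers requires

# allowed ACTION SERVICE -> 0 if the pair is on both allowlists, else 1.
allowed() {
  for a in $ACTIONS; do
    [ "$a" = "$1" ] || continue
    for s in $SERVICES; do
      [ "$s" = "$2" ] && return 0
    done
  done
  return 1
}

# build_cmd ACTION SERVICE -> prints the exact command line the wrapper will
# hand to sudo, or prints a refusal on stderr and returns 1.
build_cmd() {
  if ! allowed "$1" "$2"; then
    echo "refused: systemctl $1 $2 is not allowlisted" >&2
    return 1
  fi
  printf '%s %s %s\n' "$SYSTEMCTL" "$1" "$2"
}

# sudoers_fragment USER -> one rule per (action, service) pair. Every argument
# is literal, so sudo matches only these exact argument vectors; no "*" means
# no way to smuggle extra units onto the command line. (root) rather than
# (ALL): the user may run these as root only, not as any other account.
sudoers_fragment() {
  for s in $SERVICES; do
    for a in $ACTIONS; do
      printf '%s ALL=(root) NOPASSWD: %s %s %s\n' "$1" "$SYSTEMCTL" "$a" "$s"
    done
  done
}

# install_fragment USER -> validates the fragment with visudo -c, then drops
# it into /etc/sudoers.d with the mode sudo expects (0440). Run as root.
# Files in sudoers.d whose names contain "." or "~" are ignored by sudo.
install_fragment() {
  tmp=$(mktemp)
  sudoers_fragment "$1" > "$tmp"
  visudo -cf "$tmp"
  install -m 0440 -o root -g root "$tmp" /etc/sudoers.d/svcctl
  rm -f "$tmp"
}

# Wrapper entry point: svcctl ACTION SERVICE. No setuid needed on this file;
# sudo -n fails loudly instead of prompting if the NOPASSWD rule is missing.
main() {
  if [ $# -ne 2 ]; then
    echo "usage: ${0##*/} ACTION SERVICE" >&2
    echo "  actions:  $ACTIONS" >&2
    echo "  services: $SERVICES" >&2
    return 2
  fi
  build_cmd "$1" "$2" >/dev/null   # refuses (exit 1) anything off the allowlist
  exec sudo -n -- "$SYSTEMCTL" "$1" "$2"
}

if [ $# -gt 0 ]; then main "$@"; fi
```

Usage: as root, `. ./svcctl; install_fragment gabe` writes the eight rules; then gabe runs `svcctl restart my-service`. Inspect the generated rules with `sudoers_fragment gabe` before installing them, and confirm what sudo actually granted afterwards with `sudo -l -U gabe`.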