Score:0

give a program owner file access as well as user file access

I have an executable (created from Python code) that needs to access a file created by me as well as a file created by the person who runs the executable. I am not allowed to change the permissions of the files.

Here is an example:

  - user1 is the owner of the executable and user1_file
  - user2 is the owner of user2_file
  - user2 is expected to run the executable

```
>>> ls -al
drwxr-xr-x 12 user1 group1 4096 Jan  2 13:48 executable
-rw------- 1 user1 group1 272 Feb 14 14:32 user1_file
-rw------- 1 user2 group2 272 Feb 14 14:32 user2_file
```

Here is what I have tried:

  1. directly run as user2:
    it fails because he does not have read permissions to user1_file
  2. set suid for executable and then run as user2:
    it successfully reads user1_file but it cannot read user2_file
  3. updating the Python code to execute `os.system('chmod u-s executable')` before accessing user2_file:
    this operation is not allowed. Even if it is allowed, I will be concerned about how to re-add suid while the program now runs with user2 permissions.

Can there be some method to allow both user1 and user2 permissions for the executable? Or maybe a way to stop user1 permissions temporarily?

pLumo
You need to fix this: "*I am **not allowed to change the permissions** of the files.*". You cannot "give a program" file access, you give users access.
raj
Who said that you are "not allowed to change the permissions of the files"? Is it yourself or some other person? Anyway, this person has no idea how permissions work and their thinking goes the completely opposite way. If both files belong to different users and they have permissions set for owner only (as in your case), it is not possible that any user (except root) could access both files. Period. You **need** to change the permissions of the files, otherwise you need to run your application as root.
I am user1. So, technically, I can change the permissions for user1_file only. However, user1_file contains info that I do not want to share with anyone.
Score:0

Steps that solved my issue

  1. add the following line to the Python code before reading user2_file: `os.seteuid(os.getuid())`
  2. regenerate the executable
  3. set suid for the executable: `chmod u+s executable`

More details
The main idea is to change the effective uid of the process to the real uid

Learn about Linux process effective, real and saved uid/gid: This link helped me
change the effective uid/gid as needed. This question can be helpful

raj
Why make it so complicated, if the proper way is just to set the file permissions correctly?
Answered in a comment on the question itself
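
The effective/real/saved UID switch described in the answer above, as an added example that is not part of the original post. The function names are hypothetical and the sample files are constructed. It assumes Linux and a native setuid executable, since the kernel ignores the setuid bit on interpreted scripts.

```python
import os
import tempfile
from contextlib import contextmanager


@contextmanager
def effective_uid(uid):
    """Run the enclosed block with effective UID `uid`, then restore the old one."""
    previous = os.geteuid()
    os.seteuid(uid)  # permitted when uid equals the real, effective or saved UID
    try:
        yield
    finally:
        os.seteuid(previous)  # works because seteuid() leaves the saved UID alone


def read_both(owner_path, invoker_path):
    """Read owner_path as the executable's owner and invoker_path as the caller."""
    # Under setuid: effective == saved == owner (user1), real == invoker (user2).
    with open(owner_path, "rb") as f:  # permission check uses user1
        owner_data = f.read()
    with effective_uid(os.getuid()):  # permission check now uses user2
        with open(invoker_path, "rb") as f:
            invoker_data = f.read()
    return owner_data, invoker_data


def drop_privileges_permanently():
    """Give up the owner identity once user1_file is no longer needed."""
    ruid = os.getuid()
    os.setresuid(ruid, ruid, ruid)  # real, effective and saved UID all become user2
    return os.getresuid()


if __name__ == "__main__":
    # Constructed sample files; without the setuid bit all three UIDs are equal,
    # so this only exercises the call sequence.
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("user1_file", "user2_file")]
        for p in paths:
            with open(p, "wb") as f:
                f.write(os.path.basename(p).encode())
        print(read_both(*paths), drop_privileges_permanently())
```

Because `seteuid()` alone leaves the owner UID recoverable through the saved UID, call `drop_privileges_permanently()` before any later step that handles untrusted input or starts another process.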