I am trying to run a Unix command from Java using the java.lang.Process class. How can we pass a specific user so that the command executes with the permissions of that specific user? I don't want to execute the command with a superuser.
- AFAIK you can't do that. The process is forked from the current process and runs with the Java process' user. – Sotirios Delimanolis, Sep 27, 2013 at 14:31
- Wouldn't that defeat the very purpose of having security and permissions? – Aniket Thakur, Sep 27, 2013 at 14:33
- I don't think it's possible -> unix.com/shell-programming-scripting/… – blgt, Sep 27, 2013 at 14:33
- @AniketThakur it does not defeat the purpose, imagine a process that wants to downgrade its rights (e.g. apache daemon running from root, or some other) in order not to allow an attacker to break in, that process changes its user. – Claudiu, Sep 27, 2013 at 14:45
- @csoroiu That is the point. Yes you can do whatever you want from the root/SU but from one user you cannot execute the process in the name of other user who has its execution rights (which you don't). Try creating a file in /tmp and then try to view it by ls from another user. – Aniket Thakur, Sep 27, 2013 at 14:51
3 Answers
You could use an SSH session that logs in as the user whose password you know and runs a specific command.
E.g. using java shell JSch
or
or
I found a good thread here by the way: Jsch or SSHJ or Ganymed SSH-2?
1 Comment
Angelo Fuchs
I can't see how sudo would help you here.
You could start a login command first and then input credentials into it.
I would guess that starting su - [USER] should do the trick.
After reading through apropos user I came across the pkexec command which should do what you need.
1 Comment
Claudiu
This can be tried; additionally, you could programmatically send the password to the su - command. Haven't tried it, but it could work.
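
The pkexec route from the answer above, as an added example (not code from any of the posters): the command is passed to `ProcessBuilder` as an argument vector, so no shell re-parses it, and the user name is validated before it reaches the command line. Assumptions: pkexec is installed at `/usr/bin/pkexec`, `appuser` is a placeholder account, and the local polkit policy lets the calling user authenticate for it.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.regex.Pattern;

public class RunAsUser {
    // Conservative account-name check: rejects option-like ("-x") and shell-special input.
    private static final Pattern USER = Pattern.compile("[a-z_][a-z0-9_-]{0,31}");

    /** Builds the pkexec argv; each list element is passed to exec as one argument. */
    static List<String> buildArgv(String user, List<String> command) {
        if (!USER.matcher(user).matches()) {
            throw new IllegalArgumentException("invalid user name: " + user);
        }
        if (command.isEmpty() || !command.get(0).startsWith("/")) {
            throw new IllegalArgumentException("command must be an absolute path");
        }
        // Assumed install location of pkexec; adjust for the target system.
        List<String> argv = new ArrayList<>(List.of("/usr/bin/pkexec", "--user", user));
        argv.addAll(command);
        return argv;
    }

    /** Runs the command as the given user and returns the exit status. */
    static int runAs(String user, List<String> command)
            throws IOException, InterruptedException {
        ProcessBuilder pb = new ProcessBuilder(buildArgv(user, command));
        pb.inheritIO(); // child shares the JVM's stdin/stdout/stderr
        Process p = pb.start();
        if (!p.waitFor(60, TimeUnit.SECONDS)) {
            p.destroyForcibly();
            throw new IOException("command timed out");
        }
        return p.exitValue();
    }

    public static void main(String[] args) throws Exception {
        // "appuser" is a placeholder; id -un prints the user the command ran as.
        int rc = runAs("appuser", List.of("/usr/bin/id", "-un"));
        // pkexec uses 126 (authentication dismissed) and 127 (not authorized or error).
        if (rc == 126 || rc == 127) {
            System.err.println("pkexec may have refused the request: exit " + rc);
        }
        System.exit(rc);
    }
}
```

Run it from a terminal session: without a polkit authentication agent or a controlling terminal to prompt on, pkexec cannot obtain authorization and exits with 127.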