Changing the Owner of an Existing Process in Linux

Change owner of a currently running process

You cannot do that, there's no such syscall. However, depending on how you want to affect the process, you could try some hack if the process is not critical to your system. 

(gdb) attach process_id
(gdb) call putenv ("UID=1234")
(gdb) call putenv ("EUID=1234")
(gdb) call putenv ("GID=1234")
(gdb) detach

Note that this WILL NOT WORK:

(gdb) call setuid(1234)

This does not really answer to your question (change the owner of a running process), but considering that you may want to change the owner to affect something about the process, maybe this hack help.

Remember that it's very likely that this breaks your process.

(based on this:
Is there a way to change another process's environment variables?)

Changing the owner of an existing process in Linux

I am aware of kchuid which does exactly that, and although it appears abandoned, it doesn't look like it would be hard to bring up-to-date.

That said, the hosting company I work for does allow (on the shared hosting packages) users to run their own webserver- including Tomcat- on port 80. This is done using a tool called authbind which doesn't require the server start as root- but simply lets non-root users bind to selected IP addresses and selected ports.

The only catch is that authbind won't work with Java's network abstraction layer by default. You will need to disable Java's IPV6 support, and probably specify a specific IP address to bind to within your application. The former can be done by starting the JRE with -Djava.net.preferIPv4Stack=true but the latter is application-specific.

change user owner of process on Mac/Linux?

Well it's a little bit tricky... Depends if it's a daemon (service) or you run this command/app.

For the 2nd case you can use "su" command.
Here's a short example.

1. I create o simple script with following content (it will sleep in background for 100 seconds and will output the process list coresponding to this script):

#!/bin/bash
sleep 100 &
ps faux | grep test.sh

2. I run the "su" command like this (I'm currently logged in as "root" and I want to run this script as "sandbox" user):

su - sandbox -c ./test.sh

sandbox = the username that will run this command.
-c ./test.sh = means it will execute this command

3. Output (first column = the user that owns this process):

root@i6:/web-storage/sandbox# su - sandbox -c ./test.sh
sandbox  18149  0.0  0.0  31284  1196 pts/0    S+   20:13   0:00                      \_ su - sandbox -c ./test.sh
sandbox  18150  0.0  0.0   8944  1160 pts/0    S+   20:13   0:00                          \_ /bin/bash ./test.sh
sandbox  18155  0.0  0.0   3956   644 pts/0    S+   20:13   0:00                              \_ grep test.sh
root@i6:/web-storage/sandbox#

I hope it will help,
Stefan

Change back into a running process on Linux after you put it into the background

If it's started from current shell, use standard job-control e.g.

$ jobs

$ gedit &
[1] 3341

$ jobs
[1]+  Running                 gedit &

$ fg %1
gedit

Is it possible for a process in Linux to change another process's UID?

No, it is not possible for one process to change another process's UID. That would be a huge security problem if so. If you're in process A, you don't know what state process B is in, and you don't know if elevating privileges is safe at that point. Similarly, you could cause a privileged process to hog shared resources and deadlock other processes if you forced it to drop privileges unexpectedly, since it might fail in the middle of a critical section.

Even if you could somehow work around this, you'll still run into a race condition that your spawned process could execute any amount of code (how much, you don't know) as root before you can force it to drop privileges.

You should figure out what's spawning your processes and adjust it to either not spawn them as root or prevent it from spawning them at all.

What happens to already opened files when you change process ownership (uid/gid) in Linux?

When you open a file, your ability to do so is determined by your effective uid and gid at the time you open the file.

When you change your effective uid or gid, it has no effect on any open file descriptors that you may have.

In most cases, if you have a valid file descriptor, that's all you need to read or write the resource that descriptor is connected to. The fact that you hold the valid file descriptor is supposed to be all the proof you need that you have permission to read/write the underlying resource.

When you read or write using an ordinary file descriptor, no additional authorization checks are performed. This is partly for efficiency (because those authentication checks would be expensive to perform each time), and partly so that -- this may be exactly what you are trying to do -- you can open a privileged resource, downgrade your process's privileges, and continue to access the open resource.

Bottom line: Yes, it's entirely possible for a process to use an open file descriptor to read or write a file which (based on its current uid/gid) it would not be able to open.

Footnote: What I've said is true for ordinary Unix file descriptors connected to ordinary resources (files, devices, pipes, network streams, etc.). But as @Mark Plotnick reminds in a comment, some file descriptors and underlying resources are "different" -- NFS and Linux /proc files are two examples. For those, it's possible for additional checks to be performed at the time of read/write.

Change ownership and permission without terminal - Python

The prize goes to @intepidhero for proviving some useful links; the first one did the trick!

All you have to do is make sure that your user/group is in sudoers and put the folling code in the head of your script, and hey presto ... you are running your app elevated to sudo!

import os
import sys

euid = os.geteuid()
if euid != 0:
    print "Script not started as root. Running sudo.."
    args = ['sudo', sys.executable] + sys.argv + [os.environ]
    # the next line replaces the currently-running process with the sudo
    os.execlpe('sudo', *args)

print 'Running. Your euid is', euid

Related Topics

How Kernel Notify a User Space Program an Interrupt Occurrs

4Gb/4Gb Kernel Vm Split

How to Merge Two Seperate - Yet Similar - Codebases into One Svn Rep

How to Run Ionic in the Background

How to Print Current Time in Kernel

Bash Shell: Cannot Use Variable $ as a Path to Run Tar

High Availability Computing: How to Deal with a Non-Returning System Call, Without Risking False Positives

Ld_Library_Path Failing While Trying to Run Qt App

Substitution on Range of Lines

Syntax Error of ";; Unexpected" on Simple Init Script for Debian

Linux Perf Record: Difference Between Count (-C) and Frequency (-F) Options

Which Capabilities Are Needed for Statx to Stop Giving Eperm

How to Make a Bash String of Command with Redirect and Pipe

Automating Killall Then Killall Level 9

Webpack Build Fails with Gitlab-Ci

How to Deploy a Self-Building Docker Image to Make Changes to Itself in Respect to the Local Environment

How to Get the Offset in a Block Device of an Inode in a Deleted Partition

Top Command Output Is Empty When Run from Cron


Leave a reply



Submit