0

I am trying to run a unix command from Java using java.lang.Process class. How can we pass a specific user so that the command executes with the permissions of that specific user ? I don't want to execute the command with a superuser.

Mandar K
  • 333
  • 4
  • 15
  • AFAIK You can't do that. The process is forked from the current process and runs with the Java process' user. – Sotirios Delimanolis Sep 27 '13 at 14:31
  • 2
    Wouldn't that defeat the very purpose of having security and permissions? – Aniket Thakur Sep 27 '13 at 14:33
  • I don't think it's possible -> http://www.unix.com/shell-programming-scripting/25282-how-run-command-some-other-user-id.html – blgt Sep 27 '13 at 14:33
  • @AniketThakur it does not defeat the purpose, imagine a process that want's to downgrade it's rights (e.g. apache daemon runnig from root, or some other) in order not to allow an attacker to break in, that process changes it's user. – Claudiu Sep 27 '13 at 14:45
  • @csoroiu That is the point. Yes you can do whatever you want from the root/SU but from one user you cannot execute the process in the name of other user who has it's execution rights(which you don't). Try creating a file in /tmp and then try to view it by ls from another user. – Aniket Thakur Sep 27 '13 at 14:51
  • Please have a look at my edited answer. – Angelo Fuchs Sep 27 '13 at 14:58

3 Answers3

2

You could use a ssh session, that logs with the user you know its password and run a specific command.

E.g. using java shell JSch

or

Expect4J

or

Ganymed-ssh-2

I found a good thread here by the way: Jsch or SSHJ or Ganymed SSH-2?

Community
  • 1
  • 1
MrSimpleMind
  • 7,890
  • 3
  • 40
  • 45
1

You could start a login command first and then input credentials into it.

I would guess that starting su - [USER] should do the trick.

After reading through apropos user I came across the pkexec command which should do what you need.

Angelo Fuchs
  • 9,825
  • 1
  • 35
  • 72
  • this can be tried, additionally you could send programatically the password to the `su -` command, haven't tried but could work. – Claudiu Sep 27 '13 at 14:43
0

You can run a new shell and execute commands which will switch to another user and then run the programm

Evgeniy Dorofeev
  • 133,369
  • 30
  • 199
  • 275