How to execute a command that requires root permission without sudo

rootsudo

I'm trying to execute traceroute -d being authenticated as a "standard" user with sudo privileges. However if I run sudo traceroute -d it will be execute by the root user so I'm wondering how can I execute it as the standard user.
I've tried several ways to make the user basically a super user (aka root) but without success.

The only thing that worked was to change the uid and group id to 0 on /etc/passwd but that changes the user "identity" to "root". E.g. if I run whoami I get "root" instead the "standard" user name.

The reason why i need this is that I have some networking routing based on the –uid-owner and now I'm trying to debug it but it doesn't make sense to run with sudo b/c it would be execute as "root" user which has other routings.

Best Answer

traceroute need not run as root; it just needs the capability CAP_NET_ADMIN. Thus you can set this as file capability for the file and then traceroute will always have this capability (for all users, though), if your kernel supports file capabilities and no Linux Security Module (SELinux, AppArmor) is blocking it:

setcap CAP_NET_ADMIN+ep /usr/sbin/traceroute

While traceroute is running you can see its capabilities with pscap. This does not affect the UID/EUID of the process.

I don't know how to do that but AFAIK it is possible, too, to use AppArmor (and probably SELinux) to run a process with certain capabilities. The main task is, of course, to limit the available capabilities.

Related Solutions

Ways to execute shell command as root

There are several sudo-like tools (calife, op, super, …) — see How do I run a command as the system administrator (root) — but you could spend your life on unix systems without encountering them (they've all been displaced by sudo). In practice, if you need to call scripts as root, either arrange for all your machines to have passwordless sudo, or to allow ssh logins as root. There's not much of a security difference between the two: either way, the script must have all the credentials necessary to reach the root account.

If you only want your scripts to be able to execute specific commands, use specific entries for these commands in /etc/sudoers, or specific keys with a command= line in ~root/.ssh/authorized_keys.

Shell – How to retroactively make a script run as root

Test if you are root, and if not, restart with sudo, for example:

#! /bin/bash

if [[ $EUID -ne 0 ]];
then
    exec sudo /bin/bash "$0" "$@"
fi

Best Answer

Related Solutions

Ways to execute shell command as root

Shell – How to retroactively make a script run as root

Related Question