How to run script with the privileges expected of the script’s general “intended user”

grouppermissionsprivilegestesting

During the development of a script, some bugs remain "latent" until the script is run by a different user. (For example, the script may access a file that only the person developing the script has access to.)

Is there a way to run the script with the same privileges that the "intended user" of the script would minimally have?

(Please note the question's wording. I specifically avoided writing "user with minimal privileges", because in some cases the "intended user" may be expected to more than "minimal privileges". The case that most readily comes to mind is the one where the "intended user" is expected to belong to a specific group.)

Of course, one simple solution would be to create a dummy user with the desired privileges, but this solution requires having user-creation privileges, which is not always the case. I'm interested in solutions that could be used even when creating a dummy user is not an option.

Best Answer

In those days of cheap virtual machines, not being able to create test users isn't usual.

You can run the program under a minimal environment: a sensible default PATH (usually /usr/local/bin:/usr/bin:/bin), HOME, and whatever the program needs. Set HOME to a subdirectory of your home directory or somewhere else altogether (e.g. under /tmp), populated with only the files that the program expects to find. This is already a first test against accidental environment dependencies. You may want to restrict the path to a /tmp/for-testing/bin containing only a few programs that are supposed to be enough, to test against accidental dependencies on third-party software. Still, a test in a default installation of some distribution would be more conclusive.

If the program needs access to some local files, you may nonetheless be able to test against unexpected dependencies on other files by playing with fakechroot. Create a directory containing everything the system may need (down to the linker and standard library), plus the program and its data files, and fakechroot into it (a real chroot would need root permissions).

Related Solutions

Bash – How to run part of a script with reduced privileges

Use a subshell: (su -c 'psql -U postgres -c "<command>"' postgres) > file

Inside the subshell you can drop permissions to do your work, but output is redirected to your original shell which still has your original permissions.

Bash – Shell/Bash script: Properly drop privileges

With zsh, if running as root and you set

EUID=1000

It will set the euid to 1000. The real uid will still be set to 0, so you can go back to EUID 0. Any program that you run would also be able to regain privileges by doing a setuid() but if the intent is to prevent unintentional damage as opposed to guard against malicious software, then that should be enough.

#! /bin/zsh -
GID=1000 # optional
EUID=1000 # drop *effective* privileges

some-potentially-harmful-command-that-doesnt-need-superuser

and-another

EUID=0 some-command-that-needs-superuser

more-non-privileged-commands

EUID=0 UID=1000 # now drop privileges with no coming back 
# alternatively:
# USERNAME=stephane # sets uid, gid, supplementary groups... based on the user db

Note that you can set EUID/UID... for the duration of a command with

UID=1000 the-command

But not UID or USERNAME if the-command is builtin or a function as zsh would not fork a different process so would not be able to restore the real userid.

You can also set EUID/UID/USERNAME in a subshell with:

(EUID=0 USERNAME=stephane; untrusted-application)

(we set EUID to 0 to be able to switch user afterwards).

Best Answer

Related Solutions

Bash – How to run part of a script with reduced privileges

Bash – Shell/Bash script: Properly drop privileges

Related Question