Prev: abcde and flac cue sheets
Next: 2.6.32-trunk + Hardware failure.
From: Thomas Anderson on 2 Feb 2010 18:20
I'm trying to make a web page that has buttons to control my running
music player application "Amarok" (Amarok is a Debian package). I can
control it from the command line by issuing this command:

$ amarok -t

That command toggles the music on and off.

I run Apache2 on Debian Lenny and the command gets run as the user
www-data. That user (www-data) doesn't have access to my running
Amarok session so I tried to make a shell script that has the setuid
flag set (chmod 4755) but Debian doesn't allow script files to be set
setuid. So I created a binary and set the binary to setuid. The source
code for the binary is as follows:

##############

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main()
{
setuid( 1000 ); // uid 1000 == user tommy.
system( "id" );
system( "amarok -t" );

return 0;
}

##############

Then I compiled it with:

$ gcc ./tmusicall.c -o tmusicall

I chmoded it with:

$ chmod 4755

I changed user to www-data with:

$ su - www-data

Then I ran the binary:

www-data(a)todu:/home/tommy/test$ ./tmusicall
uid=1000(tommy) gid=33(www-data) groups=20(dialout),33(www-data)
: cannot connect to X server
www-data(a)todu:/home/tommy/test$

So we can see that the binary ran with uid tommy privileges, but still
cannot execute "amarok -t" properly.

I even ran these commands but still kept getting the ": cannot connect
to X server" error message:

$ xhost +localhost
$ xhost +Localhost

Why can't the binary execute "amarok -t" when it is confirmed that it
is indeed running as user "tommy"?

I've been at it for hours. Any ideas on how to proceed and perhaps
solve my problem?

--
Regards,

Thomas Anderson
"Quidquid latine dictum sit, altum sonatur"


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
From: Boyd Stephen Smith Jr. on 2 Feb 2010 18:50
On Tuesday 02 February 2010 17:14:31 Thomas Anderson wrote:
> Why can't the binary execute "amarok -t" when it is confirmed that it
> is indeed running as user "tommy"?

X doesn't authenticate connections based on uid. (For one thing, connections
need not be from the local machine. But uid is not used even on the same
machine.) Read the manpage for xauth(1) and see if you can figure it out.

> I've been at it for hours. Any ideas on how to proceed and perhaps
> solve my problem?

I've never figured it out, but I haven't spent that much time on it.

You might not need to set up the right xauth stuff anyway. KDE 3.x
applications could be controlled through dcop, and its authentication is
limited to "can you open my control socket", so it'll work as long as you can
switch to the correct uid. KDE 4.x applications can be controlled through
dbus, and its authentication is similar.

You can use the "dcop" utility to browse dcop sessions and make dcop calls.
You can use the "kdcop" graphical utility to browse dcop as well. The "qdbus"
utility is similar to "dcop", but for dbus. I'm not sure if there is a
"kdcop" equivalent for dbus yet.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
bss(a)iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/ \_/
 | 
Pages: 1
Prev: abcde and flac cue sheets
Next: 2.6.32-trunk + Hardware failure.