How to start/stop one program from another



Juggler00
November 9th, 2009, 02:48 PM
Here's what I'm trying to do (Jaunty server edition):

I would like to be able to start/stop one program from another. Specifically, I have installed Asterisk that runs as non-root user asterisk. I would like Asterisk (the program) to be able to launch a bash script with the following:


#!/bin/bash
sudo /etc/init.d/motion start

Motion is another program installed, running as non-root user motion.

What is the best way to accomplish this? I don't want to hard-code any passwords into the script.

cheers,
J.

A_Fiachra
November 9th, 2009, 04:27 PM
The problem is that sudo will ask for your password.


Another approach is to just call the program from a shell script and set a sticky bit on the shell script.

Sticky bit (http://www.beginlinux.org/mod/resource/view.php?id=347)

Arndt
November 9th, 2009, 05:00 PM
> The problem is that sudo will ask for your password.
>
> Another approach is to just call the program from a shell script and set a sticky bit on the shell script.
>
> Sticky bit (http://www.beginlinux.org/mod/resource/view.php?id=347)

The link is fine, but you mean the SUID bit, not the sticky bit.

There have been security issues with setting the suid bit on a shell script in the past. Ubuntu may have solved them, I don't know. In case it hasn't, the thing to do is to write a small wrapper in, for example, C, and set the suid bit on it instead.

Juggler00
November 9th, 2009, 05:04 PM
How does setting the SUID bit on the script help? In Asterisk, I am calling the bash script... should I change the permissions on it?

Can you point to any examples of this?

cheers,
J.

matt1985
November 9th, 2009, 05:07 PM
Can you point to any examples of this?

A_Fiachra
November 9th, 2009, 07:11 PM
man chmod

Juggler00
November 10th, 2009, 03:05 PM
Thank you for your suggestions. I looked into SUID/SGID and found sites that related to adding a specific exception in the sudoers file.

Using sudo visudo, I appended the following line:
asterisk ALL = (root) NOPASSWD: /usr/share/asterisk/agi-bin/motion_start.sh

The script is as follows:
-rwxr-xr-x 1 asterisk asterisk 40 2009-11-10 08:42 motion_start.sh

and contains:
#!/bin/bash
/etc/init.d/motion restart

When I try to run the script:
$ sudo -u asterisk ./motion_start.sh

I get the following error message:
* Starting motion detection daemon : motion
start-stop-daemon: Unable to set gid to 1003 (Operation not permitted)

What am I missing?
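
An added example, not part of the thread: the listing in the last post shows motion_start.sh owned by asterisk, while the sudoers rule lets asterisk run it as root without a password, so whoever can write that file decides what runs as root. The check below audits such a path and the directory holding it; it assumes GNU stat, and the names check_one, check_sudo_target and TRUSTED_UID are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat, as on Ubuntu.
# check_one, check_sudo_target and TRUSTED_UID are names made up here.

# uid allowed to control a root-run command; 0 (root) in real use.
TRUSTED_UID=${TRUSTED_UID:-0}

# check_one PATH: fail unless PATH is owned by TRUSTED_UID and is not
# writable by group or other.
check_one() {
    owner=$(stat -c '%u' -- "$1") || return 2
    mode=$(stat -c '%a' -- "$1") || return 2
    if [ "$owner" != "$TRUSTED_UID" ]; then
        echo "UNSAFE: $1 is owned by uid $owner, expected $TRUSTED_UID"
        return 1
    fi
    # %a prints octal (e.g. 755); the leading 0 keeps it octal here.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "UNSAFE: $1 (mode $mode) is writable by group or other"
        return 1
    fi
}

# check_sudo_target PATH: audit a command listed in sudoers, plus the
# directory holding it (write access there allows replacing the file).
check_sudo_target() {
    target=$1
    if [ -L "$target" ] || [ ! -f "$target" ]; then
        echo "UNSAFE: $target must be a regular file, not a symlink"
        return 1
    fi
    check_one "$target" || return 1
    check_one "$(dirname -- "$target")" || return 1
    echo "OK: $target"
}

# Usage: sh audit.sh /usr/share/asterisk/agi-bin/motion_start.sh
if [ "$#" -gt 0 ]; then
    check_sudo_target "$1"
fi
```

The sudoers rule quoted above is exercised when the asterisk user itself runs `sudo /usr/share/asterisk/agi-bin/motion_start.sh`; `sudo -u asterisk ./motion_start.sh` runs the script as asterisk, not as root.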