
I'm running an Ubuntu 16.04 LTS system. The entire system is contained in one partition (/dev/sda1). I'm trying to write a tool in C++ that runs as root and uses the 'su' command to run a command for the user of the tool to achieve a particular task. The reason I want the tool to run as root is that I want to avoid the password request of 'su' for the user. (In a terminal, if logged in as root, 'su' to another user never requests a password. I'd like to have the same behavior from within the C++ program.)

If I were to go into detail, I want to allow the mounting of a user's google drive, whose mounting options (including its mount point) are expressed in an entry in the /etc/fstab file, by a mount command issued by the user. I found a tool that mounts a google drive to a specified mount point in this TechRepublic article[1]. I have run the tool as a regular user to allow it to access my google drive and can successfully run the tool to mount the drive. I wanted to automate this by putting an entry in the /etc/fstab file and discovered that it was possible in this answer[2] to a related question so I wrote the following C++ code, compiled it, gave ownership of its executable to root, set the executable's setuid bit and put it in the /usr/local/sbin directory (as /usr/local/sbin/mount-google-drive).

[1] http://www.techrepublic.com/article/how-to-mount-your-google-drive-on-linux-with-google-drive-ocamlfuse/

[2] https://stackoverflow.com/a/8108474/7842054

```cpp
//mount-google-drive.cc
#include <iostream>
#include <cstdlib>
#include <string>

int main(int argc, char* argv[])
{
  if (std::system("which google-drive-ocamlfuse > /dev/null"))
  {
    std::cout << argv[0] <<
      " needs 'google-drive-ocamlfuse' to mount the drive." << std::endl;
    return 1;
  }

  if (argc < 3)
  {
    std::cout << "Usage: " << argv[0] <<
      " <label> <mount point> [google-drive-ocamlfuse options]" << std::endl;
    return 0;
  }

  // Compile the mount command.
  std::string mount_command = (std::string) "google-drive-ocamlfuse -label " +
    argv[1];
  for (int i = 2; i < argc; i++)
  {
    mount_command += (std::string) " " + argv[i];
  }

  std::string system_command = (std::string) "su $USER -l -c \"" + mount_command + "\"";

  // Output the compiled command
  std::cout << system_command << std::endl;

  // Run the mount command to mount the google drive for the user.
  std::system(system_command.c_str());

  return 0;
}
```

I then placed this entry in the /etc/fstab file:

```
# This is to allow the 'GoogleDrive' remote filesystem to be mounted locally
mount-google-drive#default  /media/GoogleDrive     fuse    user,noauto     0       0
```

And created the /media/GoogleDrive mount point accessible to my regular user account.

With these changes, I can run 'mount /media/GoogleDrive' as a regular user, but, as a regular user, I always get prompted for my password.

My ultimate goal is to allow a drive mounting app on my gnome desktop to mount the google drive. The app only recognizes entries in the /etc/fstab file.

As far as running a tool as root, am I right in understanding that having the tool owned by root and having its setuid bit set would make the tool run as root? Does this then mean that running 'su' within that tool would remove the password request for the user? Any help would be greatly appreciated.

José A.
  • If you need root access, then your code should simply require that it be run as root -- forget about invoking su and/or sudo. That said, this code looks like something that would be simpler if it were a shell script instead of a C++ program, since it's essentially just running a bunch of shell commands. – MrEricSir Apr 10 '17 at 00:19
  • Why not just add the `user` option in fstab? That lets a regular user do the mount. – stark Apr 10 '17 at 00:30
  • Yes, initially it was a script. However, I found that shell scripts don't necessarily respect their setuid bits: http://unix.stackexchange.com/questions/364/allow-setuid-on-shell-scripts. I have an app installed on my gnome-desktop that allows me to mount my disks, etc., but an entry must exist for the drive in the /etc/fstab file. I'd like to use the app to mount the google drive. I can't think of another way to achieve this. – José A. Apr 10 '17 at 00:30
  • The user option is already in the fstab entry. What I'd really like to do is to avoid the 'su' password request. – José A. Apr 10 '17 at 00:33
  • Make up your mind. If it runs as root you don't need the `su` command. – user207421 Apr 10 '17 at 01:57
  • I am not trying to 'su' to root. Assuming that the program runs as root (because of the setuid bit), I'm trying to 'su' to the user that "issues" the mount command through the /etc/fstab entry. As I wrote in the original post, on a terminal, su'ing from root to a regular user does not require a password. I'm hoping to do the same from the C++ program. Does that make sense? – José A. Apr 10 '17 at 04:33
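
A setuid bit changes only the effective UID; the real UID stays that of the user who started the program, so a setuid-root helper can identify its caller with `getuid()` rather than the caller-controlled `$USER`. The following is an added example, not code from the question or from google-drive-ocamlfuse: it drops root permanently and then execs the tool with an argument vector, with no `su`, no shell and no `system()`. It assumes the argument layout of the question's program; `build_argv` and `drop_privileges` are hypothetical names.

```cpp
// Added example (not the asker's code): run the mount tool as the invoking
// user from a setuid-root helper, without su, a shell, or $USER.
#include <grp.h>
#include <pwd.h>
#include <unistd.h>
#include <cstdio>
#include <string>
#include <vector>

// Build the argument vector for execvp(). Arguments are passed verbatim,
// so spaces and shell metacharacters in them are never interpreted.
std::vector<std::string> build_argv(int argc, const char* const argv[]) {
  std::vector<std::string> out = {"google-drive-ocamlfuse", "-label", argv[1]};
  for (int i = 2; i < argc; i++) out.push_back(argv[i]);
  return out;
}

// Permanently switch to the given user: groups first, then gid, then uid.
// Returns false if any step fails or if root could be regained afterwards.
bool drop_privileges(uid_t uid, gid_t gid) {
  if (geteuid() == 0) {  // only root may reset the supplementary groups
    const struct passwd* pw = getpwuid(uid);
    if (pw == nullptr || initgroups(pw->pw_name, gid) != 0) return false;
  }
  if (setgid(gid) != 0 || setuid(uid) != 0) return false;
  return uid == 0 || setuid(0) != 0;  // regaining root must fail
}

int main(int argc, char* argv[]) {
  if (argc < 3) {
    std::fprintf(stderr, "Usage: %s <label> <mount point> [options]\n", argv[0]);
    return 2;
  }
  // getuid()/getgid() are the real IDs of the user who ran the binary.
  if (!drop_privileges(getuid(), getgid())) {
    std::perror("drop_privileges");
    return 1;
  }
  // From here on the process has only the caller's own rights, so the
  // caller's PATH and arguments cannot be used to act as root.
  std::vector<std::string> args = build_argv(argc, argv);
  std::vector<char*> cargs;
  for (std::string& a : args) cargs.push_back(&a[0]);
  cargs.push_back(nullptr);
  execvp(cargs[0], cargs.data());  // returns only on error
  std::perror("execvp");
  return 127;
}
```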
