call halt/reboot as user

Denys Vlasenko vda.linux at googlemail.com
Mon Jan 3 14:40:48 UTC 2011


On Mon, Jan 3, 2011 at 3:06 PM, Arno Steffen
<arno.steffen at googlemail.com> wrote:
> Thanks for quick help!
>
> I updated busybox with latest stable version by compile and cp via ftp
> to /usr/bin
> Then I did an "./busybox --install -s" to create the new links.
>
> I did a "chmod 4755 /bin/busybox" -> login works.
> As sudo is not implemented in my system (and not part of busybox) and
> a new user is to uncomfortable your 3rd approach looks best.
>
> I checked here
> user at ubu:/opt/src/busybox-1.18.1$ find . | xargs grep BB_SUID_DROP | grep halt
> ./include/applets.h:IF_HALT(APPLET(halt, _BB_DIR_SBIN, _BB_SUID_DROP))
> ./include/applets.h:IF_HALT(APPLET_ODDNAME(poweroff, halt,
> _BB_DIR_SBIN, _BB_SUID_DROP, poweroff))
> ./include/applets.h:IF_HALT(APPLET_ODDNAME(reboot, halt, _BB_DIR_SBIN,
> _BB_SUID_DROP, reboot))

include/applets.h is a generated file. You do not need to touch it.

> ./init/halt.c://applet:IF_HALT(APPLET(halt, _BB_DIR_SBIN, _BB_SUID_DROP))
> ./init/halt.c://applet:IF_HALT(APPLET_ODDNAME(poweroff, halt,
> _BB_DIR_SBIN, _BB_SUID_DROP, poweroff))
> ./init/halt.c://applet:IF_HALT(APPLET_ODDNAME(reboot, halt,
> _BB_DIR_SBIN, _BB_SUID_DROP, reboot))
>
> I guess I have to replace BB_SUID_DROP in all 6 lines.


> There is just one open question: What is the disadvantage or
> side-effect of setting busybox to be setuid.

None I know of. Most applets drop suid privileges immediately.
Setting busybox suid root is a standard practice, otherwise
some programs (login, traceroute, su, mount) will not work
for non-root users.

-- 
vda


More information about the busybox mailing list