I need to call a 3rd party library function with root privileges. I'm not sure how to accomplish this from within Rcpp. If I was writing an executable, I could call seteuid to elevate privileges before calling the external function, and set the suid bit on the executable. But given that this needs to be done from within a Rcpp Library, I'm not sure how to do this. The last thing I want to do is run R as root or set suid on the R binary. Any help / pointers would be greatly appreciated. thanks Bhaskar -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.r-forge.r-project.org/pipermail/rcpp-devel/attachments/20150315/4c70d677/attachment.html>
[Rcpp-devel] How to elevate privilege from within Rcpp?
5 messages · Bhaskar V. Karambelkar, Dirk Eddelbuettel
On 15 March 2015 at 15:48, Bhaskar V. Karambelkar wrote:
| I need to call a 3rd party library function with root privileges. | I'm not sure how to accomplish this from within Rcpp. I dont think you can ... | If I was writing an executable, I could call seteuid to elevate privileges | before calling the external function, and set the suid bit on the executable. | But given that this needs to be done from within a Rcpp Library, I'm not sure | how to do this. The last thing I want to do is run R as root or set suid on the | R binary. ... unless you run R with suid bits, which you shouldn't as you rightly point out. Rcpp is standard C/C++ code. So the wisdom of 'man seteuid' still applies: seteuid() sets the effective user ID of the calling process. Unprivileged user processes may only set the effective user ID to the real user ID, the effective user ID or the saved set-user-ID. | Any help / pointers would be greatly appreciated. You may have to call a small self-contained executable which may then have a suid bit set. Dirk
http://dirk.eddelbuettel.com | @eddelbuettel | edd at debian.org
Thanks Dirk, I was afraid of that, but glad that you confirmed it. In the mean time I've figured out a way that may not require root :) thanks again Bhaskar
On Sun, Mar 15, 2015 at 4:14 PM, Dirk Eddelbuettel <edd at debian.org> wrote:
On 15 March 2015 at 15:48, Bhaskar V. Karambelkar wrote: | I need to call a 3rd party library function with root privileges. | I'm not sure how to accomplish this from within Rcpp. I dont think you can ... | If I was writing an executable, I could call seteuid to elevate privileges | before calling the external function, and set the suid bit on the executable. | But given that this needs to be done from within a Rcpp Library, I'm not sure | how to do this. The last thing I want to do is run R as root or set suid on the | R binary. ... unless you run R with suid bits, which you shouldn't as you rightly point out. Rcpp is standard C/C++ code. So the wisdom of 'man seteuid' still applies: seteuid() sets the effective user ID of the calling process. Unprivileged user processes may only set the effective user ID to the real user ID, the effective user ID or the saved set-user-ID. | Any help / pointers would be greatly appreciated. You may have to call a small self-contained executable which may then have a suid bit set. Dirk -- http://dirk.eddelbuettel.com | @eddelbuettel | edd at debian.org
-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.r-forge.r-project.org/pipermail/rcpp-devel/attachments/20150315/fd99a6f1/attachment.html>
On 15 March 2015 at 16:26, Bhaskar V. Karambelkar wrote:
| I was afraid of that, but glad that you confirmed it. In the mean time I've | figured out a way that may not require root :) Hah! If there is a generalizable trick worth sharing then please don't hold back and tell us. Dirk
http://dirk.eddelbuettel.com | @eddelbuettel | edd at debian.org
Nope I'm afraid no generalization trick. Basically I needed to open a RAW socket which requires root access, but reading up on socket man page, I see that now I can open a ICMP socket which is a new addition, and doesn't require root and yet do what I want to do. So just something that works for my particular case. thanks Bhaskar
On Sun, Mar 15, 2015 at 4:34 PM, Dirk Eddelbuettel <edd at debian.org> wrote:
On 15 March 2015 at 16:26, Bhaskar V. Karambelkar wrote: | I was afraid of that, but glad that you confirmed it. In the mean time I've | figured out a way that may not require root :) Hah! If there is a generalizable trick worth sharing then please don't hold back and tell us. Dirk -- http://dirk.eddelbuettel.com | @eddelbuettel | edd at debian.org
-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.r-forge.r-project.org/pipermail/rcpp-devel/attachments/20150315/3b7b7b07/attachment.html>