Permission denied error

[williey]

There is a program which runs only under root. I want to allow another group or user permission to execute the program. My ultimate goal is to let certain users execute the program under sudo.

For now, I'm getting "Permission denied" error when using a test account. This account is part of the Peri group and other is the secondary group. The /opt/vps/bin is owned by root and is under the group root.

What is the most restrict way to set this up to allow the test account access the program? I did not install the program so I do not know why its installed under root.

testPi@slovii1 {8} which tappman
/opt/vps/bin/tappman
testPi@slovii1 {9} /opt/vps/bin/tappman -c#mps.1 -p72 stop
tappman: Permission denied. Aborting!
testPi@slovii1 {11} ls -l /opt/vps/bin/tappman
  72 -rwxrwxr-x   1 root     other      36356 Aug 24  2005 /opt/vps/bin/tappman*
testPi@slovii1 {12} ls -l /opt/vps/bin/tappman
  72 -rwxrwxr-x   1 root     other      36356 Aug 24  2005 /opt/vps/bin/tappman*
testPi@slovii1 {13}

testPi@slovii1 {15}         getent group |more
root::0:bindvwrt
other::1:root,testPi
peri::100:
beoper::101:root
ivrsup::500:testPi

------------------------------------------
There are 10 kinds of people in this world. One that understands binary and the other one that does not.

 

[Annihilannic]

If your ultimate goal is to set it up to run under sudo... why don't you just do that? I don't understand why you are trying to run it under testPi directly if it only works as root, and if you plan to run it under sudo anyway?

Annihilannic.

 

[williey]

We had problem with linking to a library error when trying to run under sudo. ldd confirm the link to the library is fine.

testPeri@slosiv1 {2} sudo tappman -c#mps.1 -p72 stop
Password:
ld.so.1: tappman: fatal: libipcmt.so: open failed: No such file or directory
Killed

testPeri@slosiv1 {3} ldd /opt/vps/bin/tappman
        libpthread.so.1 =>       /lib/libpthread.so.1
        libipcmt.so =>   /opt/vps/lib/libipcmt.so
        libptools.so =>  /opt/vps/lib/libptools.so

------------------------------------------
There are 10 kinds of people in this world. One that understands binary and the other one that does not.

 

[Annihilannic]

Okay, in that case you probably need to set up a wrapper script to run the programme that sets up the appropriate environment variables. Perhaps it uses a custom LD_LIBRARY_PATH to identify the location of those variables? Check the env output under one of the users that is able to run the programme (even if the programme returns "Permission denied", at least it was able to locate its libraries). Then you can give sudo access to run that wrapper script.

Make sure that the script is only writeable by root, otherwise an unprivileged user could edit it and add any commands they liked to be run as root.

Annihilannic.

 

[williey]

Thanks! the wrapper script works out great!

------------------------------------------
There are 10 kinds of people in this world. One that understands binary and the other one that does not.