I created a program which needs administrator privileges to be executed (in this program I am using a port which is <1024).
So I use this command to execute:
sudo java -jar example.jar
In my program I try to create a folder in this path:
Paths.get("/home/" + System.getProperty("user.name"))
The problem is that System.getProperty("user.name") answers with "root" and so my new directory is in "/home/root/", but I want it in "/home/my_username".
My question is: how can I discover my username and then create the new folder in the right path?
You can change from
Paths.get("/home/" + System.getProperty("user.name"))
to the user.home System Property like
Paths.get(System.getProperty("user.home"))
If you do
sudo whoami
it responds with
root
however if I do
sudo bash -c 'echo $SUDO_USER'
I get
peter
You do this from Java with
String user = System.getenv("SUDO_USER");
if (user == null)
user = System.getProperty("user.name");
Linux user name is normally bound to the USER environment variable at login(1) time. The best approach is to use this variable, as other means (running who(1) or id(1) command for example) all do inspect it (using the uid as parameter, to scan files for it). The same applies for HOME and SHELL variables. All of these are collected by login(1) on authenticating the user (or by the PAM libraries) and get propagated to all derived processes through the environment.
The weird fact is that you can have several usernames bound to the same uid, and not using the environment can lead you to getting the wrong answer (if you scan the /etc/passwd file with your uid as argument, you can get to a different passwd(5) file entry ---of course, with the same did) Use:
String username = System.getEnv("USER");
for it.
On other side, if you have created a new session (with sudo(1) command or similar) and switched both uid and euid and the environment has been changed (reinitialised), how you distinguish this from a proper login made by root account. In that case there are no traces that the process were invoked by a non-root user.
Related
I am writing a Java application in which (among other stuff) I'd mount a external device, do some copying, and then unmount it.
//I am mounting several devices in created dirs named sdb, sdc... according to the partitions
String[] command = {"gksu", "mount", "/dev/sd" + letter + "1", "mounter/sd" + letter};
Runtime.getRuntime().exec(command);
This works fine both in the terminal and in my program.
To unmount faster, I thought about using umount -a but gksu umount -a doesn't work in the terminal and consequently not in the Java program. sudo umount -a does work in the terminal, but not in the application. Meanwhile, I got it to work by unmounting the devices 1 by 1, but it would be cleaner if I could get umount -a to work someway.
If you understand why either gksu doesn't work with umount or sudo with Runtime.exec(), I'd take your explanation.
Thanks
I feel the problem is sudo not asking me for a password, as gksu does. But I don't know how to give it a password.
This is very likely the case.
There are a couple of different possible situations here, and each I think has it's own solution:
The user running the program (in the case of a desktop app) already has privileges to run the commands you need. - Prompt the user to enter their password and pass it to sudo through stdin using the -s flag. Check out the sudo man page for more. This is simple and ensures that your application doesn't have greater access than the user running it.
If your application needs to run with different privileges than the user has, or if this is running on a server, then the application should be run as it's own System User. You can then use visudo to give that system user the ability to run ONLY the commands you need without requiring a password. Just be very cautious about editing the sudoers file. I recommend adding it as a separate file and just linking to it in the actual sudoers so that it's easier to undo later.
I'm putting together a tool to automate some of my git tasks, but I'm running into a problem where "git commit" prompts for user name and password.
I can do git add, rm, status ok, but not commit.
This is running git via Runtime.exec() from java.
Runtime.getRuntime().exec("git " + cmd, new String[0], mDir);
My current test is on MS Windows. running git commit from the command line works just fine. Only when running via the exec() call does it prompt for user/password.
I did do the git config --global to set both user name and password previously.
So, why is it prompting me?
--Added 2/13
This is with a local git directory, not using a remote repository.
Okay, here is the exact error msg that GIT is reporting to me:
git commit -F -
*** Please tell me who you are.
Run
git config --global user.email "you#example.com"
git config --global user.name "Your Name"
to set your account's default identity.
Omit --global to set the identity only in this repository.
fatal: unable to auto-detect email address (got 'Cougar#COUGAR-HOUSE.(none)')
Is your HOME environment set in the java runtime? If not, git won't know where to find your global .gitconfig file (normally %HOME%.gitconfig)
The password configure will not be used by git so that's not why things are working at the command line. What's more likely is that you set up your SSH keys to allow you to access your server without a password. This works at the command line but probably not when run from Java exec due to the environment being different.
You could try debugging the environment, I'm not sure what you need to do on Windows. Alternatively you could try configuring core.askpass. From the git config man page:
core.askpass
Some commands (e.g. svn and http interfaces) that interactively ask for a
password can be told to use an external program given via the value of this
variable. Can be overridden by the GIT_ASKPASS environment variable. If not
set, fall back to the value of the SSH_ASKPASS environment variable or,
failing that, a simple password prompt. The external program shall be given a
suitable prompt as command line argument and write the password on its
STDOUT.
I'm using the followig code to run a command from my Java App:
String cmd[] = {"sh","-c", "sudo chmod 777 -R " + path};
Terminal.runCommand(cmd);
I'd like to execute the .jar just by click in it and choose "Open with.." -> "Java";
The problem is that the app keep wating for a password because of the "sudo" command, but no terminal is called, the user can't give the password..
So, how could I call the coomand above AND a terminal to give the user a chance to insert the password and the application finally keep going?
Thank very much!
This is a sudo question, not a Java one; sudo does things as root. Your process doesn't have root priviledges, so sudo needs to authenticate the human being. That's a feature, not a bug. The system is not supposed to allow you to run root commands.
One option might be to use gksu instead, which is shipped by default on some distributions. It works similarly, but will pop up the password dialog in the GUI instead of on the (in this case non-existent) terminal.
Another might be to simply run your Java process as root, with all the security implications that might have. In some situations that can be a valid choice, but be careful.
Or you can check the man page for sudo and sudoers -- it's possible to configure accounts not to require a password, and to limit them to particular commands when they do.
I'm trying to change the user of the child process to a user with minor privileges
but when i execute the start method of ProcessBuilder the subprocess exec with the same user of the parent
LinkedList<String> commands = new LinkedList<String>();
commands.add("vlc");
ProcessBuilder builder = new ProcessBuilder(commands);
Map<String,String> enviroment = builder.environment();
enviroment.clear();
enviroment.put("USER", "otheruser");
enviroment.put("LOGNAME", "otheruser");
enviroment.put("PWD", "/home/otheruser");
enviroment.put("HOME", "/home/otheruser");
enviroment.put("USERNAME", "otheruser");
enviroment.put("SHELL", "/bin/false");
builder.directory(new File("/home/otheruser"));
Process process = builder.start();
process.waitFor();
I'm working in Linux(Ubuntu)
Jim is absolutely right.
But if you still want to run your program as different user you have to user platform dependent tools.
Windows:
use runas command, e.g.: runas /user:domain\jamesbond regedt32.exe
Unfortunately runas requires from user to type password manually.
The following article explains how to work around the problem:
http://www.windowsnetworking.com/kbase/WindowsTips/WindowsXP/AdminTips/Miscellaneous/RunprogramsasanotheruserinWindows2000WindowsXP.html
Alternatively you can write your own utility in VBS and run it from java. See this post for details: http://weblogs.asp.net/hernandl/archive/2005/12/02/startprocessasuser.aspx
Unix:
see reference of su and sudo.
su is fine but it requires password too (unless current user is root).
To work around this you can create expect script (see http://en.wikipedia.org/wiki/Expect).
Expect is installed on most unix distributions by default.
Good luck!
You cannot change the effective user just by passing in a different USER environment variable. This is a security feature of Linux (and Unix in general), otherwise a malicious user could just set the USER variable to ROOT. Subprocesses always execute as the same user as the parent unless the executable is marked setuid or the process does a setuid() to change the effective user (and the setuid() is allowed).
I was wondering How to execute java Application with different userName and password.
For example:
Right now: When I do,
System.getProperty("user.name");
I get user1.
But I want to program in such a way that it says user2.
Can somebody help me How to accomplish this with Java or bat files.
Any kind of help is appreciated.
The java system property user.name is set by the operating system. So if you login as a different user and start you're java program, it will run under that username.
But You can also change the user under which you execute an program (if you have sufficient rights for it!).
Linux: use the sudo command
sudo -u user2 java yourprogram
(but you need to have sudo rights, for example by being root)
Windows use the runas command:
runas /user:domain\user2 java yourprogram
You can override this value, the same as any other system property with
java -Duser.name=my-new-user
or
System.setProperty("user.name", "my-new-user");
Note: neither solution changes the user-id of the process, just the value returned by System.getProperty("user.name");
You need to switch to user2 (su user2 on linux), then run your program.
If you're doing this on Windows, you can use the runas command in a batch file to run in the context of a different user. On a Unix/Linux system, you can use the su command.