I am writing a java program dor Oracle EBS that needs to switch user because of specific permissions defined on an user different than applmgr.
The approach we're taking is to have a java class that will switch user on a separate session and then will list the file from a folder that the new user has access.
Any options available?
So far I could create two shell script files and then I run these shell scripts, one that will store environment variables and the other one will actually switch user and list the files.
Appreciate your help.
you could change the group permissions on the file. You could start a System.process( "su user && cat file" ); You could have the other user copy the file to you using a cronjob...
You can try having Java launch a local command on the system then as part of that command launch another program (far from being very clean, but probably would work)
Check out this Class file for examples on launching local commands:
https://github.com/SnakeDoc/RPi_SerialGPS/blob/master/src/com/vanomaly/rpi/serial/gps/util/System.java
You should be able to use setuid - I expect there is a version available directly in Java, but otherwise, it shouldn't be that hard to make your own JNI code to do that.
However, it may be simpler to run a command that switches user (using su or sudo, for example) and then runs the required Java code.
Related
Using the various Java APIs I can implement the following shell commands in Java successfully: pwd, dir/ls, copy/cp, del/rm without invoking the shell itself to execute these command to for me.
E.g.,
case "pwd":
System.out.println(System.getProperty("user.dir"));
break;
case "dir":
case "ls":
File myDir = new File(System.getProperty("user.dir"));
String[] filesInDir = myDir.list();
for(String fn: filesInDir)
System.out.println(fn);
break;
The only basic command that is giving me trouble is "cd". Surely there must be an API function that would let me do this? However if there is I've missed it.
Note: I am not trying to execute anything external to the program, I simply want to be able to navigate the file system interactively for the duration of the program run and manipulate files in a very limited way via the API. In other words, this program emulates a very basic shell.
I've seen these question, but they haven't really helped, one states this is not possible, true?
How to change current directory in JAVA?
Changing the current working directory in Java?
Changing the current directory in Java to implement "cd" command in linux
Using Windows 7 with JDK 7.
There is no such api function but you can emulate it: store current directory in variable. During initialization assign this variable to System.getProperty("user.dir"). In all your methods use this variable. "cd" command should change this variable.
I am calling a C application (console only) from my Java application.
I am calling it with: Process proc = rt.exec("./Debug/CPP_CL --device 0");
The CPP_CL needs access to clinfo() hardware .. so the GPU hardware as its processing on the GPU's. Hence, in this case needs to run as sudo/root.
Its all working fine at the moment but only if I run the Java JAR as sudo. Currently for testing only the CPG is chmod 777 (I know bad).
What I would like to know is what’s the best way to do this ? Will the CPP run as SUDO if called by SUDO java ? Or does it need to be chmod'ed ? If so what’s the best chmod value ?
Thanks.
Running Java with root is, as you said, one possibilty, but not exactly good.
The usual chmod flags (rwx) too won´t help you.
Just call it with a sudo won´t solve anything. Usually, a password is required, and if the java program can enter it (ie. it knows the root password) ... well, then it´s the same as above again.
As said in the comments, you can add a exception to sudo, but there are some catches:
You can only specify a program/script file, but no parameter limitation. You will need a script file which calls ./Debug/CPP_CL --device 0 (better with full path) and add the batch file as exception.
Furthermore, you have to make sure that the script file can´t be modified by users (chmod of the file) and can´t be deleted (chmod of the containing directory). File modification would mean that the modifying user can put anything in it and run it as root, and deletion would let the user place another file there with this name = same effect. Given that, you can call with with sudo.
If you wnat to call it without sudo, make another script file which just calls file 1 with sudo.
Another possibility is the special chmod flag SUID on the program itself (if it is enabled/supported in your distro). But here again, you can´t limit the parameters.
About the data files: A file created by a root program will be owned by root. chmod/chown as root can change that. If you only need to read the file, default umasks will allow that on many systems (if the files are in not-only-root-directories like /root)
Answer:
https://unix.stackexchange.com/questions/18830/how-to-run-a-specific-program-as-root-without-a-password-prompt
This worked.. I was able to sudo from Java and with the above no PWD is required for that application.
Using Java,
How can I add environment variable permanently to the existing env variables.
so that when I do a restart operation for windows or Linux, this environment variable is still there.
You might want to take a look at this.
In Windows you can set a Path Variable from command line so it should do the trick.
I realize this is only applicable to Windows.
Not in any cross platform sort of way. In Linux, these are typically controlled via shell init scripts. You would have to edit one of those (which one depends on the user, system, and shell type). In Windows, this is controlled via system configuration (i'd imagine there are some windows specific APIs to modify those).
coppy the path of jdk upto C:\Program Files\Java\jdk1.6.0\bin from program and past in user variables and put ;.; at the end and give name .
and in system variables click on new and enter the name and past the path....and save ...
go to command prompt
..
to check current paths >echo %path%
to set path >set path="C:\Program Files\Java\jdk1.6.0\bin" enter ok now check and run java program
Environment variables are platform specific. Windows stores them in Registry.
*In the registry the User environment variables are stored at
HKEY_CURRENT_USER\Environment
and the System environment variables are stored at
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
(from http://demins.blogspot.co.il/2007/10/where-does-windows-xp-store-evrironment.html)*
There are a lot of ways to access windows registry from java. You can for example execute command line using utility named reg that has a reach command line. You can also use one of interoparability APIs like JaWin, Jinterop, Jintegra. You can also refer to my solution explained here.
On linux you can use command line like export MYVAR=myvalue. I mean execute this command line from java using Runtime.exec() or ProcessBuilder. The problem is that this variable will not become really persistent. It will be visiable for all users until the computers is restarted. To make it really persistent you have to modify user login script (e.g. bashrc file for most linux systems if users's default shell is bash).
I am running Ubuntu 11.04.
I am trying to use a "C" execlp program to run a Java program, and then I want to setuid on the "C" program so the Java program can execute as root. There is an example of this here:
http://www.coderanch.com/t/110254/Linux-UNIX/setuid
I followed the example to the letter except instead of being the tomcat user, I used root.
Root is able to execute the "C" program which in turn executes the Java program. And, before giving root ownership, the User (me) can run the "C" program which executes the Java program. But once I setup to use setuid, and the User tries to execute the program. I get what seems to be an LD_LIBRARY_PATH type of error:
java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory
The libjli.so file exists under the Java JRE. Both the User and Root can see this file when they run individually. But the User cannot see it when he runs the program after setuid to root has taken place.
Is there some different way that root's LD_LIBRARY_PATH gets set when a setuid program executes? Is this an interactive vs. non-interactive problem?
Any ideas? Thanks in advance.
As the LD_* environment variables can be used to load code into a process, they are all ignored by setuid binaries. You will probably need to make the setuid binary a wrapper which executes the C program.
Setting the setuid bit on a file will change the process's effective UID but not the real UID. The dynamic linker will check to see if EUID ≠ RUID, and if so, it will ignore all environment variables. Your wrapper will have to filter the environment variables itself (important!) and once done, change the real UID to match the effective UID.
Warning: Don't forget to scrub the environment variables well, unless you are okay with giving everyone on the box full root access.
To work around the LD_* environment constraints on setuid programs, on most POSIX systems you should be able to do this within your wrapper code:
setreuid(0, 0);
which will set both the real and effective UIDs to be root, although this will only work if the program itself was started with the setuid bit enabled.
I wouldn't do it, though.
Look at why your Java program needs to run as root, and see if there are better ways to give it the privileges it needs without actually running as root.
I am trying to run a perl command with Java runtime exec in linux/ubuntu/gnome. The command generates an pdf file, but it saves it in my home folder. Is there any way that the exec method can set an output path for the commands executed? Thanks in advance.
The exec method just runs the command on the operating system, so you'll want to change the command you're running with exec more than anything in "Java" per se.
There are a few possibilities:
Change the working directory of your java program. The .pdf is being saved in your working directory because this is where the program is being run.
Unfortunately it's not simple to change this value after the program has been launched. It is, however, trivial to change before the program starts; just change the working directory before starting the program.
Move the file to it's desired location after it's been created in your home directory.
Change the command so that it includes the target location. Your perl script may have an option that will enable you to save it's output to a certain location (usually -o or --output). Using this your program would change from:
Runtime.exec("perl someprogram");
to something like:
Runtime.exec("perl someprogram -o /path/to/some.file")
You might be able to use "output redirection", if there is no option to do this.
Try something like what's below as your argument:
Runtime.exec("perl someprogram > /path/to/some.file")
Unfortunately, without knowing more details of your situation I can't provide more concrete advice.
While each approach has benefits and drawbacks, it's probably best to just implement the one that you understand best; if you can't get one to work, try another.
A good, free online resource for learning is Introduction to Linux: A Hands On Guide.
Section 2.2 has details on cd which you can use for 1..
Section 3.3, section 3 teaches about the mv command, which will be useful in 2..
Section 5.1 is about I/O redirection. Knowing about "output redirection" and the > operator, are important for 4..
For 3., you'll have to consult the documentation of the perl program you're using.
You could modify the Perl script to accept an absolute path for the output.
You can trying setting the working directory using exec(java.lang.String[], java.lang.String[], java.io.File) where File is the directory the command is executed from.
If all else fails, you'll can always copy the generated file from the Home directory to your final location.