Is it possible to run a program as a specific user but with root permissions?

I'm doing development with PyCharm, doing development on a script that uses the scapy module for Python to do port scans, sniff traffic, and build raw packets. This, of course, requires root permissions, and so I run PyCharm as root (Yes, I'm aware of the security issues this presents).

The problem is, when PyCharm contacts the company license server, it submits the current username, which of course, ends up being "root", and the license server rejects my request. If I don't launch PyCharm as root, then it submits my actual username and successfully gets a license, but then I can't run my script because it needs root permissions to do the things it does.

Is there a way to make PyCharm run and submit my actual username to the license server, but then have root privileges, without just editing my account to give myself root permissions?

Sohcahtoa82

Posted 2014-06-06T17:52:59.497

Reputation: 121

Answers

How about running PyCharm on your local machine, as yourself, and doing your development inside a container, such as one provided by Vagrant (natively supported in PyCharm) or Docker (supported via plugin)?

wjv

Posted 2014-06-06T17:52:59.497

Reputation: 691

This worked for me (http://esmithy.net/2015/05/05/rundebug-as-root-in-pycharm/). You essentially create a different interpreter for python which is a shell script that calls python with sudo. When it talks about creating a sudoers file (/etc/sudoers.d/python) I had to add the line Defaults!/usr/bin/python2.7 !requiretty to enable execution without a tty.

Orrin Stimpson

Posted 2014-06-06T17:52:59.497

Reputation: 1

Three years late to the party, but the standard Linux (and BSD and MacOS) command logname would have the desired result.

My-Mac:~ devin$ logname
devin
My-Mac:~ devin$ sudo logname
devin
My-Mac:~ devin$ sudo su -
My-Mac:~ root# echo $USER
root
My-Mac:~ root# logname
devin

I believe logname looks at the tty of the starting process, so I'm not sure this would work for a totally headless program (e.g. one that runs on startup). It does work if you start and then detach the program via nohup.

My-Mac:~ root# nohup logname
appending output to nohup.out
My-Mac:~ root# cat nohup.out
devin

Devin R

Posted 2014-06-06T17:52:59.497

Reputation: 196

I imagine sudo would be perfect for this. As a quick test:

$ echo $USER
halosghost
$ sudo echo $USER
[sudo] password for halosghost:
halosghost

That is, I have hightened permissions, but maintain my user's identity. The -E flag may also be particularly useful. It makes sure the environment variables are preserved during execution.

HalosGhost

Posted 2014-06-06T17:52:59.497

Reputation: 349

The reason why you are seeing the results you are seeing is that the shell expands environment variables before passing them to the command. Since you are using sudo, the shell cannot use the echo builtin (as far as the shell is concerned, echo is just one more parameter to sudo). So the shell expands $USER to halosghost (your username), then executes sudo with parameters echo and halosghost. In turn, sudo sets the security context and then executes echo with the parameter halosghost. Congratulations, you just ran (most likely) /bin/echo as root. – a CVn – 2016-04-12T12:50:18.837

I was using sudo before and it wasn't working. PyCharm started, but couldn't get a license from the server. I did it now and it worked. It might be worth mentioning that while doing "sudo echo $USER" does show my username and not root, "sudo whoami" tells me I'm root.

EDIT: I'm wondering if there's someone else in the company also using PyCharm as root, and my license request was failing because someone else was already holding the license using "root" as the username. I'm not sure exactly how PyCharm's floating licenses work. – Sohcahtoa82 – 2014-06-06T20:35:49.667

It would be helpful to know how PyCharm detects your username. – HalosGhost – 2014-06-06T20:40:45.183

Indeed it would. From within PyCharm, I opened a Python console and used it to check environment variables, and LOGNAME, USERNAME, and USER are all "root". SUDO_USER is of course my actual username. If I run os.system('echo $USER') from that prompt, it tells me I'm root. So it looks like it is probably still telling the license server that I'm root, the server has just decided to give me a license this time, for some reason. – Sohcahtoa82 – 2014-06-06T20:54:08.887