Welcome to unix. A bit of convolution, but still far simpler than the Windows security model, IMO. (Though still not perfect, but I digress.)
First off, just because you can't log in as root doesn't mean you can't log in as root. ;-) It just means you can't log in via gdm (the GUI) as root - a good thing by any security-minded definition. You should be able to gain root access in any number of other ways, some requiring a password, others have the password as optional.
What I've done in the past is set up sudo to allow running of a particular command without a password. In my case, I want to run it as a particular user, so I have:
%build ALL=(nobody) NOPASSWD: /full/path/to/script
With this, anyone can run "sudo -u nobody /full/path/to/script" and not be asked for a password. Well, that's great, but a bit cumbersome. So my script does this:
# Are we the right user?
use User::pwent;
my $user_wanted = 'nobody';
my $user = getpwnam($user_wanted);
if ($< != $user->uid())
{
exec(qw(sudo -u), $user_wanted, $0, @ARGV);
}
[...]
Now I can just run /full/path/to/script, and it will exec itself as the right user if it isn't already.
Hope that helps. |