UNIX equivalent of CreateProcessWithLogonW

Developers https://www.devze.com 2023-01-08 15:23 Source: web
What I have: the login/password for a UNIX user (alice).

Who I am: some other UNIX user (bob).

What I need to do: start a process programmatically (foo) as the other user (alice).

What the end result should be: the process is running and displays alice as the owner if a "ps" is done. For purposes of privileges, acts as if alice started it.

Basically I need to write some code that does the equivalent of "su -c 'foo' - alice"

Ideally I don't want to have to set any special bits or permissions on the executable in question (foo).


I see only two possibilities to start a process as alice on UNIX/Linux from a process owned by bob that cannot setuid itself.

  • call a setuid program
  • communicate with an already running process that can start processes as alice


Never say never, but I think this is probably impossible in any unix-portable way. The setuid(2) call (and friends) succeeds only if the current uid is either the same as the target one (modulo some subtleties about effective and real uids) or if the current uid is 0 (ie, root). That is, you can't change from one non-root uid to another.

Having the password doesn't help. The password is used for the initial authentication to the system, whether it be via login, ssh, or some GUI login dialogue, but the password is the concern of those programs alone, and not of the system as such. Put another way, the kernel doesn't care about your password, and it's the kernel that you have to talk to if you want to change your uid.

That is, you're probably therefore obliged to consider indirect routes, such as the ones Peter G mentioned.

(Yes, some unixes may have a way of doing this, but that's platform-specific).

I know I'm not adding any positive advice here, only the possibly time-saving negative advice of 'nothing to see here; move right along...'
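The setuid(2) rule described in the answer above can be observed directly. The following is an added example, not code from either answer: the function name `probe_setuid` and the choice of "own uid + 1" as the other user are assumptions made for illustration. The attempt runs in a forked child so the caller's own credentials are never touched.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Try setuid(target) in a forked child. Returns 0 if the kernel allowed
 * the change, the errno from setuid(2) if it refused, or -1 if the probe
 * itself could not run. */
int probe_setuid(uid_t target)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (setuid(target) != 0)
            _exit(errno);   /* typically EPERM for a non-root caller */
        /* A successful call must be verified, not assumed. */
        _exit(getuid() == target && geteuid() == target ? 0 : 255);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    int code = WEXITSTATUS(status);
    return code == 255 ? -1 : code;
}

/* Human-readable form of a probe_setuid() result. */
static const char *describe(int r)
{
    return r == 0 ? "allowed" : r > 0 ? strerror(r) : "probe failed";
}

int main(void)
{
    uid_t me = getuid();
    uid_t other = me + 1;   /* assumption: any uid other than our own */
    printf("setuid(%ld) own uid:   %s\n", (long)me, describe(probe_setuid(me)));
    printf("setuid(%ld) other uid: %s\n", (long)other, describe(probe_setuid(other)));
    return 0;
}
```

Run as bob, the second probe is refused regardless of whether bob knows alice's password, because the password never reaches the kernel; run as root, the second probe is normally allowed, which is why the indirect routes rely on a setuid-root program or a privileged daemon.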
