Android normal username loses group information when su for another user in ssh session

Question

Android normal username loses group information when su for another user in ssh session

What am I doing:

I built GNU emacs for my own use on the phone.
I run emacs in daemon mode on the phone, so I connect to it anytime using emacsclient to continue working with regular files, start processes, etc.
When logging in from the terminal on the phone, I'm currently user 10157, everything works:
$ id
uid = 10157 (10157) gid = 10157 (10157) groups = 10157 (10157), 1015 (1015), 1023 (1023), 1028 (1028), 3003 (3003)
When I connect via ssh to the phone from a PC (I use DigiSSHd on the phone), it registers me as a regular user 10282, everything works:
$ id
uid = 10282 gid = 10282 groups = 1015 (1015), 1023 (1023), 1028 (1028), 3003 (3003)

Emacs works fine, etc. However, this way I cannot connect via emacsclient to the emacs process running under user 10157. This is desirable since I do not want to start two emacs processes, since I want to continue working with the files that I opened in emacs under user 10157.

Thus: $ su - 10157

Ok, I can run emacs, etc. However, I cannot access the network.

 $ ping -c1 google.com You must have internet permissions to use ping. Aborting. $ id uid=10157(10157) gid=10157(10157) groups=10157(10157)

Thus, I am no longer in the 3003 group needed to access the Internet, among other groups.

Why is this group information deleted, and how can I fix it, so I can continue to access the network when su is like this user in ssh?

+4

android ssh su

白い熊 Jan 17 '13 at 7:04

source share

4 answers

appsroxcom · Answer 1 · 2013-04-07T19:30:28+0000

When I ran the command:

 busybox --list

I do not see su on the list.

 su --help

shows the text Superuser.apk in the help text. This means that the su application is provided by the Superuser application.

I followed the steps you described, and I could use it as another user and still have access to the Internet, as shown below.

I have the following applications installed.

BusyBox v1.18.5-Stericson
Superuser v3.0.7
Terminal emulator v1.0.45
SSHDroid v1.9.6

Suggestion: I think the problem is with su on your device. You can try this. https://play.google.com/store/apps/details?id=com.noshufou.android.su

If I just use the adb shell without running SSHDroid, I can still use it as another user with Internet permission.

Note. The id BusyBox command always displays group information.

drone.ah · Answer 2 · 2013-04-04T14:35:40+0000

According to standard su help page (from linux window)

When - is used, it should be specified as the last parameter su. Other forms (-l and -login) do not have this limitation.

Based on this, try

 $ su 10157 -

Bryan devaney · Answer 3 · 2013-04-05T09:31:19+0000

Something is probably missing me, because it seems too obvious, but why not just "sudo -u 10157" your emacs program?

you will still have access to the network and your emacs will work. or did I miss something important?

Giacomo tesio · Answer 4 · 2013-04-09T16:04:38+0000

Permissions are not environment variables that can be inherited via su - .

In addition, gid are hardcoded , and their associations with each APP uid cannot be changed after installation.

10157 must be the uid of the DigiSSHd application, so you can try rebuilding it after changing AndroidManifest.xml to require proper permission .

Here you can find something useful here and here .

The same should work for BusyBox (see here ).

However, you can open a security hole by enabling NETWORK access through such applications.

Android normal username loses group information when su for another user in ssh session

More articles: