search

cswl / tsu

Gain root shell on Termux.
ISC License
646 stars 155 forks source link

Cannot change to another user #58

Open Smankusors opened 4 years ago

Smankusors commented 4 years ago

So, in the show usage, I see that we have [USER] argument. So I think I use that to change another user other than "root".

$ tsu u0_a78
# whoami
root

well it's not. Alright, so I try with sudo. I see that we have -u [user] argument. So............ nope.

$ sudo --dbg -u u0_a78 bash                                                                                                                                             + shift
+ TERMUX_FS=/data/data/com.termux/files
+ TERMUX_PREFIX=/data/data/com.termux/files/usr
+ TERMUX_PATH=/data/data/com.termux/files/usr/bin:/data/data/com.termux/files/usr/bin/applets
+ ROOT_HOME=/data/data/com.termux/files/home/.suroot
+ ANDROIDSYSTEM_PATHS=/system/bin:/system/xbin
+ BB_MAGISK=/sbin/.magisk/busybox
+ log_DEBUG TSU_AS_SUDO
+ [[ true == true ]]
+ [[ -u == \s\u ]]
+ log_DEBUG _TSU_AS_SUDO
+ [[ -z true ]]
+ declare -A EXP_ENV
+ log_DEBUG _TSU_AS_SUDO
+ [[ true == true ]]
+ [[ -z -u ]]
++ printf '%q ' -u u0_a78 bash
+ CMD_ARGS='-u u0_a78 bash '
+ env_path_helper
+ log_DEBUG env_path_helper
+ log_DEBUG SWITCH_USER
+ [[ -z '' ]]
+ NEW_HOME=/data/data/com.termux/files/home/.suroot
+ EXP_ENV[PREFIX]=/data/data/com.termux/files/usr
+ EXP_ENV[TMPDIR]=/data/data/com.termux/files/home/.suroot/.tmp
+ EXP_ENV[LD_PRELOAD]=/data/data/com.termux/files/usr/lib/libtermux-exec.so
+ log_DEBUG _TSU_AS_SUDO
+ [[ true == true ]]
+ NEW_PATH=/data/data/com.termux/files/usr/bin:/data/data/com.termux/files/usr/bin/applets
++ id -g
+ SUDO_GID=10078
++ id -un
+ SUDO_USER=u0_a78
+ EXP_ENV[SUDO_GID]=10078
+ EXP_ENV[SUDO_USER]=u0_a78
+ log_DEBUG LD_LIBRARY_PATH
+ [[ -n '' ]]
+ EXP_ENV[PATH]=/data/data/com.termux/files/usr/bin:/data/data/com.termux/files/usr/bin/applets
+ EXP_ENV[HOME]=/data/data/com.termux/files/home/.suroot
+ EXP_ENV[TERM]=xterm-256color
+ [[ -z true ]]
+ set +x
+ [[ -d /data/data/com.termux/files/home/.suroot ]]
+ STARTUP_SCRIPT='-u u0_a78 bash '
+ SU_BINARY_SEARCH=("/system/xbin/su" "/system/bin/su")
+ [[ -x /sbin ]]
+ SU_BINARY_SEARCH+=("/sbin/su" "/sbin/bin/su")
+ unset LD_LIBRARY_PATH
+ unset LD_PRELOAD
+ [[ -z '' ]]
++ /sbin/su -v
+ [[ 18.1:MAGISKSU (topjohnwu) == *\M\A\G\I\S\K\S\U ]]
+ for SU_BINARY in "${SU_BINARY_SEARCH[@]}"
+ '[' -e /system/xbin/su ']'
+ for SU_BINARY in "${SU_BINARY_SEARCH[@]}"
+ '[' -e /system/bin/su ']'
+ for SU_BINARY in "${SU_BINARY_SEARCH[@]}"
+ '[' -e /sbin/su ']'
+ exec /sbin/su -c 'PATH=/system/bin:/system/xbin env -i  PATH=/data/data/com.termux/files/usr/bin:/data/data/com.termux/files/usr/bin/applets  SUDO_GID=10078  ANDROID_DATA=/data  SUDO_USER=u0_a78  TMPDIR=/data/data/com.termux/files/home/.suroot/.tmp  PREFIX=/data/data/com.termux/files/usr  TERM=xterm-256color  LD_PRELOAD=/data/data/com.termux/files/usr/lib/libtermux-exec.so  ANDROID_ROOT=/system  HOME=/data/data/com.termux/files/home/.suroot  -u u0_a78 bash '
env: exec -u: No such file or directory

kinda funny it's written on help but.... not implemented? 😨

Is there's something wrong? Or I misunderstood something? Is this because I use old Magisk? I rarely update it because it needs to be updated via recovery, or else I lost my root.

cswl commented 4 years ago

Ah.. sorry.. I had written the implementation but it was buggy.. So I removed it.. and I forgot to change the help text..

I will rewrite it later tonight... Also it's not possible to run Termux binaries as another user only system shell.. since beside root and Termux no other uid can access Termux data dir

Sorry for your confusion..

Smankusors commented 4 years ago

oooh right I just realized that... you mean if I'm using uid other than root and Termux, I still cannot call application from /data/data/com.termux/files/usr/bin/? Well... not if I set it with permission 777 right?

cswl commented 4 years ago

Please try this version and see if USER and -u works for you

curl -L "https://raw.githubusercontent.com/cswl/tsu/next/dist/tsu" > "$PREFIX/bin/tsu"

I set it with permission 777 right? What is your use case? It might be possible.. but that might cause other weird issues when on Termux only

Smankusors commented 4 years ago

Please try this version and see if USER and -u works for you

curl -L "https://raw.githubusercontent.com/cswl/tsu/next/dist/tsu" > "$PREFIX/bin/tsu"

it works, but I lost the PATH environment variable.

What is your use case? It might be possible.. but that might cause other weird issues when on Termux only

Actually was, but then I abandoned it.

I want to run particular program with access to external SD card. But Termux doesn't have the permission, so I logged in as root. It succeed, but I don't trust giving root to this program, so I back logged in as termux uid instead.

It can access external sd card, but another problem comes. It cannot access the internet because I don't run it with group inet. It would be nice if tsu can run as group, but with Android architecture like this, it this even possible? I can't find any references on the internet about run as group...

Note that this external SD card permission problem is kinda happen only on certain version of Android I think. Maybe there's some Magisk/kernel/app configuration that prevent Termux accessing external SD card.

cswl commented 4 years ago

I guess termux-setup-storage` only works for Internal storage..

There are magisk modules that enable full access to external sdcard.. but it depends on which Android version..

You could also just bind mount /mnt/runtime/default/STORAGE-UUID