Re: Script-Permission

From: Bob Booth - CITES (booth_at_UIUC.EDU)
Date: 02/25/04

    Date:         Wed, 25 Feb 2004 14:52:08 -0600
    To: aix-l@Princeton.EDU
    
    

    Here is an example of a setuid C program wrapper:

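    /*
    C program wrapper so that scripts can be run suid root.
    !!!USE at your own risk!!!
    */

    #include <pwd.h>
    #include <stdio.h>
    #include <unistd.h>
    #include <sys/resource.h>

    int main(int argc, char *argv[]) {
       struct passwd *pw = getpwnam("root");
       if (pw == NULL)
          return 1;                          /* no root entry: refuse to run */
       setpriority(PRIO_PROCESS, 0, -20);    /* raise scheduling priority */
       if (setuid(pw->pw_uid) != 0)          /* never continue unprivileged */
          return 1;
       execv("fullpath and name of your script here", argv);
       perror("execv");                      /* reached only if execv fails */
       return 1;
       }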

    On Wed, Feb 25, 2004 at 02:35:20PM -0600, John Jolet wrote:
    > If they can't read the script, how can the bash shell interpret it? The only
    > way to do this is with a setuid wrapper program. AIX disallows setuid shell
    > scripts, so you'll most likely have to write it in C or something.
    >
    > On Wednesday 25 February 2004 02:16 pm, you wrote:
    > > Hi *,
    > > I have a script which has a password stored in it, and I want
    > > some of the identified users to be able to execute this script. The user is
    > > unable to execute it after setting the execute bit on the script, but once I
    > > give read permission also to that user, he is able to execute it.
    > > Please let me know if there is any way I can allow the other user to execute
    > > it but still prevent him from reading the script.
    > >
    > > TIA
    > > Praveen.K

