Re: Script-Permission

From: Bob Booth - CITES (booth_at_UIUC.EDU)
Date: 02/25/04

    Date:         Wed, 25 Feb 2004 15:24:03 -0600
    To: aix-l@Princeton.EDU
    
    

    agreed!

    sudo is a good option, and you should also make sure that the script you
    propose *really* needs to be run as root. These types of scripts/wrappers are
    almost always targets of hackers with a binary editor.

    bob

    On Wed, Feb 25, 2004 at 03:11:13PM -0600, John Jolet wrote:
    > as the comments say....be very careful with this sort of mechanism. make sure
    > you've exhausted your other options...have you tried sudo?
    >
    > On Wednesday 25 February 2004 02:52 pm, you wrote:
    > > Here is an example of a setuid C program wrapper:
    > >
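    > > /*
    > > C program wrapper so that scripts can be run suid root.
    > > !!!USE at your own risk!!!
    > > */
    > >
    > > #include <pwd.h>
    > > #include <stdio.h>
    > > #include <sys/resource.h>
    > > #include <unistd.h>
    > >
    > > int main(int argc, char *argv[]) {
    > >     struct passwd *pw = getpwnam("root");
    > >     if (pw == NULL)                     /* no root entry: do not continue */
    > >         return 1;
    > >     setpriority(PRIO_PROCESS, 0, -20);  /* raise scheduling priority */
    > >     if (setuid(pw->pw_uid) != 0) {      /* never exec if the uid change failed */
    > >         perror("setuid");
    > >         return 1;
    > >     }
    > >     execv("fullpath and name of your script here", argv);
    > >     perror("execv");                    /* reached only if execv failed */
    > >     return 1;
    > > }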
    > >
    > > On Wed, Feb 25, 2004 at 02:35:20PM -0600, John Jolet wrote:
    > > > if they can't read the script, how can the bash shell interpret it? the
    > > > only way to do this is with a setuid wrapper program. aix disallows
    > > > setuid shell scripts, so you'll most likely have to write it in c or
    > > > something.
    > > >
    > > > On Wednesday 25 February 2004 02:16 pm, you wrote:
    > > > > Hi *,
    > > > > I have a script which has a password stored in it, and I
    > > > > want some of the identified users to be able to execute this script.
    > > > > The user is unable to execute it after I set the execute bit on the
    > > > > script, but once I also give read permission to that user, he is able
    > > > > to execute it. Please let me know whether there is any way I can allow
    > > > > the other user to execute the script but still prevent him from reading it.
    > > > >
    > > > > TIA
    > > > > Praveen.K
    > > > >
    > > > >
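The cautions in this thread ("be very careful with this sort of mechanism") come down to a few concrete checks. The following is an added example, not code posted by anyone in the thread: a variant of the wrapper that verifies the script's ownership and mode, ignores caller-supplied arguments and environment, and stops if `setuid` fails. `SCRIPT_PATH` and `script_is_trustworthy` are hypothetical names chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical placeholder path; replace with the real script location. */
#define SCRIPT_PATH "/usr/local/sbin/example-task.sh"

/* Return 0 only if path is a regular file owned by `owner` that no other
 * user can write or read. Any other state is a reason not to exec it. */
int script_is_trustworthy(const char *path, uid_t owner)
{
    struct stat st;

    if (lstat(path, &st) != 0)            return -1; /* missing or unreachable */
    if (!S_ISREG(st.st_mode))             return -2; /* symlink, dir, device */
    if (st.st_uid != owner)               return -3; /* wrong owner */
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return -4; /* others can modify it */
    if (st.st_mode & (S_IRGRP | S_IROTH)) return -5; /* stored password readable */
    return 0;
}

int main(void)
{
    /* Fixed, minimal environment: nothing inherited from the caller
     * (PATH, IFS, ENV, LIBPATH ...) reaches the root shell. */
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };
    /* Fixed argv: caller-supplied arguments are deliberately dropped. */
    static char *const fixed_argv[] = { SCRIPT_PATH, NULL };

    int rc = script_is_trustworthy(SCRIPT_PATH, 0);
    if (rc != 0) {
        fprintf(stderr, "refusing to run %s (check %d)\n", SCRIPT_PATH, rc);
        return 1;
    }
    /* Installed setuid root, the effective uid is already 0; make the real
     * and saved uid match, and stop if that fails. */
    if (setuid(0) != 0) {
        perror("setuid");
        return 1;
    }
    execve(SCRIPT_PATH, fixed_argv, clean_env);
    perror("execve");                     /* reached only on failure */
    return 1;
}
```

The mode check only means something if every directory on the way to the script is also owned by root and not writable by others; otherwise the file can be replaced between the check and the `execve`.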

