Re: Script-Permission

From: Kumar, Praveen (cahoot) (Praveen.Kumar_at_CAHOOT.COM)
Date: 02/26/04

  • Next message: Green, Simon: "Re: Script-Permission"
    Date:         Thu, 26 Feb 2004 12:15:52 -0000
    To: aix-l@Princeton.EDU
    
    

    Hi,
           Sorry to mention this late... actually the requirement is not to run a
    script owned by root; rather, a non-root user, say user1, owns a script which
    another non-root user, say user2, wants to execute without user2 having read
    permission, as user1 stores some passwords in this script.

    TIA
    Praveen.K

    -----Original Message-----
    From: Bob Booth - CITES [mailto:booth@UIUC.EDU]
    Sent: 25 February 2004 21:24
    To: aix-l@Princeton.EDU
    Subject: Re: Script-Permission

    agreed!

    sudo is a good option, and you should also make sure that the script you
    propose *really* needs to be run as root. These types of scripts/wrappers
    are almost always targets of hackers with a binary editor.

    bob

    On Wed, Feb 25, 2004 at 03:11:13PM -0600, John Jolet wrote:
    > as the comments say....be very careful with this sort of mechanism. make
    > sure you've exhausted your other options...have you tried sudo?
    >
    > On Wednesday 25 February 2004 02:52 pm, you wrote:
    > > Here is an example of a setuid C program wrapper:
    > >
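    > > /*
    > > C program wrapper so that scripts can be run suid root.
    > > !!!USE at your own risk!!!
    > > */
    > >
    > > #include <stdio.h>
    > > #include <pwd.h>
    > > #include <unistd.h>
    > > #include <sys/resource.h>
    > >
    > > int main(int argc, char *argv[]) {
    > >     struct passwd *pw = getpwnam("root");
    > >     if (pw == NULL) return 1;             /* no root entry found */
    > >     setpriority(PRIO_PROCESS, 0, -20);    /* raise scheduling priority */
    > >     if (setuid(pw->pw_uid) != 0) {        /* stop if we cannot become root */
    > >         perror("setuid");
    > >         return 1;
    > >     }
    > >     execv("fullpath and name of your script here", argv);
    > >     perror("execv");                      /* reached only if exec failed */
    > >     return 1;
    > > }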
    > >
    > > On Wed, Feb 25, 2004 at 02:35:20PM -0600, John Jolet wrote:
    > > > if they can't read the script, how can the bash shell interpret it?
    > > > the only way to do this is with a setuid wrapper program. aix disallows
    > > > setuid shell scripts, so you'll most likely have to write it in c or
    > > > something.
    > > >
    > > > On Wednesday 25 February 2004 02:16 pm, you wrote:
    > > > > Hi *,
    > > > > I have a script which has a password stored in it, and I
    > > > > want some of the identified users to be able to execute this script.
    > > > > The user is unable to execute after setting the execute bit on the
    > > > > script, but once I give read permission also to that user, he is
    > > > > able to execute. Please let me know whether there is any way I can
    > > > > allow the other user to execute but still prevent him from reading
    > > > > the script.
    > > > >
    > > > > TIA
    > > > > Praveen.K


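The setuid-wrapper approach from this thread, adapted to the follow-up requirement (user1 owns the script, user2 runs it without read access), as an added example that is not part of any message in the thread. The script path, the 0700 mode and the name `script_is_private` are assumptions, and it relies on POSIX `setreuid` allowing a process to set its real uid to its effective uid.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical location; the script is owned by user1 with mode 0700. */
#define SCRIPT_PATH "/home/user1/bin/job.sh"

/* Return 1 only if path is a regular file (not a symlink) owned by `owner`
 * with no group/other permission bits, so nobody else can read or alter it. */
int script_is_private(const char *path, uid_t owner)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return 0;
    if (!S_ISREG(st.st_mode) || st.st_uid != owner)
        return 0;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

int main(int argc, char *argv[])
{
    /* Fixed, minimal environment: nothing inherited from the caller. */
    char *const clean_env[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };
    uid_t owner = geteuid();   /* user1 when the wrapper is setuid user1 */

    (void)argc;
    if (!script_is_private(SCRIPT_PATH, owner)) {
        fprintf(stderr, "refusing to run %s: wrong owner or mode\n", SCRIPT_PATH);
        return EXIT_FAILURE;
    }
    /* Make the real uid match too, so the shell does not drop the
     * effective uid and then fail to open the unreadable script. */
    if (setreuid(owner, owner) != 0) {
        perror("setreuid");
        return EXIT_FAILURE;
    }
    execve(SCRIPT_PATH, argv, clean_env);
    perror("execve");          /* reached only if exec failed */
    return EXIT_FAILURE;
}
```

The compiled wrapper is installed owned by user1 with the setuid bit set and execute permission limited to the intended users, for example mode 4710 with a shared group.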