3.3.1 questions & complaints
Bernard J. Duffy
bernie at umbc3.UMBC.EDU
Fri Sep 28 09:05:06 AEST 1990
In article <1990Sep26.174852.1344 at ux1.cso.uiuc.edu> wsherman at newton.ncsa.uiuc.edu (William Sherman -Visualization) writes:
... (X stuffs deleted)
>
>Okay, my first complaint is about something I'm sure SGI considers
>a "feature." I have some shell scripts to mount and unmount nfs'ed
>disks to allow me to adapt to network problems, and machines going
>down. Of course only the superuser can do this, so the scripts are
>owned by root, and the setuid bit is set. Well, under 3.3.1, I'm
>informed that "mount_x: Setuid shell scripts not allowed." Is there
>anything I can do to allow them? If not, there should be.
>
... other stuffs deleted...
>
>/* Bill Sherman National Center for Supercomputing Applications */
>/* University of Illinois Champaign-Urbana */
Bill,
I've been told that suid scripts are dangerous, so I put my {,u}mount
command for an optical drive (have to change platters from time to time).
The program is real simple and I've over-commented it below. I needed
to use getgid() to restrict use to the group of users that owned the
optical drive. Other command(s) could be enveloped in this manner.
Here's the program :
/* cut here ...... */
/* moptical.c -
Allow someone of the groupS group to become root
and execute the /etc/mount /chem2/optical (or /etc/umount
/chem2/optical if executed with uoptical softlink) command without
the hassle of typing in the root passwd (or even knowing it).
Author: Bernie Duffy, Academic Computing Date: Jan. 19, 1990
To install it: (Executable must, of course, be suid.) ! on chem3
cd /usr/local/grps/src/moptical
newgrp groupS
cc moptical.c -o /usr/local/grps/bin/moptical
cd /usr/local/grps/bin
ln -s /usr/local/grps/bin/moptical uoptical
chmod 4750 moptical
# ls -l /usr/local/grps/bin/*opt*
-rwsr-x--- 1 root groupS 42664 Jan 19 17:50 moptical*
l--------- 1 root groupS 28 Jan 19 17:51 uoptical@ ->
/usr/local/grps/bin/moptical
*/
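#include <stdio.h>
#include <stdlib.h>   /* exit() */
#include <string.h>   /* strncmp(), strrchr() */
#include <unistd.h>   /* getgid(), getuid(), setuid(), execlp() */

#define GROUPID 30
#define GROUPNAME "groupS"
#define DISKPARTITION "/chem2/optical"

int main(int argc, char **argv)
{
    const char *name;

    /* Only members of the owning group (or root) may continue. */
    if (getgid() != GROUPID && getuid() != 0) {
        fprintf(stderr, "You don't belong to the %s group, sorry.\n", GROUPNAME);
        exit(1);
    }
    printf("Please wait... ");
    /* Become root; this fails if the binary is not installed suid root. */
    if (setuid(0) != 0) {
        perror("setuid");
        exit(1);
    }
    /* Compare the basename, so a full-path invocation still selects mount. */
    name = (argc > 0 && argv[0]) ? argv[0] : "";
    if (strrchr(name, '/'))
        name = strrchr(name, '/') + 1;
    if (strncmp(name, "moptical", 8) == 0) {
        printf("Mounting %s : mount -c %s\n", DISKPARTITION, DISKPARTITION);
        fflush(stdout);   /* buffered output would be lost across exec */
        execlp("/etc/mount", "mount", "-c", DISKPARTITION, (char *) 0);
    } else {
        printf("Un-mounting %s : umount %s\n", DISKPARTITION, DISKPARTITION);
        fflush(stdout);
        execlp("/etc/umount", "umount", DISKPARTITION, (char *) 0);
    }
    perror(name);
    exit(1);
}
/* end of moptical.c program. execlp() will only return if there is a
   permission or process creation error... that's the only way the final
   exit(1); will get called.
*/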
--
Bernie Duffy Systems Programmer II | Bitnet : BERNIE at UMBC2
Academic Computing Services - L005e | Internet : BERNIE at UMBC2.UMBC.EDU
Univ. of Maryland Baltimore County | UUCP : ...!uunet!umbc3!bernie
Baltimore, MD 21228 (U.S.A.) | W: (301) 455-3231 H: (301) 744-2954