Running processes as root
danl at midget.towson.edu
danl at midget.towson.edu
Mon Oct 23 00:34:45 AEST 1989
Jonathan Bayer <jbayer at ispi.uucp> writes:
>The set-uid bit does not work for shell scripts. You will have to write
>a small program (or grab one from the archives) that will then execute
>the shell script. The program will be able to use the set-uid bit, and
>the script that is run then will run as root. This is generally not
>a good idea.
All of the above is quite wrong. On all of the BSD derivatives I've used
set-uid does work for shell scripts. True, it doesn't work on some AT&T
derivatives and you will have to use the scheme described above - a
compiled program run set-uid which exec's the appropriate shell with
the script as an argument.
In most cases, this is a very good idea, if not the only way to do some
things. True, you must think ahead to restrict the user to executing
only the script you've choosen (i.e. don't use more to display since they
can then fork a shell as the super-user), and make sure that the user can't
replace your program with his own.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Dan Gosner Internet: danl at midget.towson.edu
Operations Manager DGosner at TOE.TOWSON.EDU
Towson State University Bitnet: DGosner at TOWSONVX
Academic Computing
Towson, Maryland 21204
%% VMS pays the bills, but Unix is where my real work gets done. %%
***************************************************************************
More information about the Comp.unix.questions
mailing list