Re: setuid programs under "sarge" and "woody"

To: Douglas Bates <bates@stat.wisc.edu>
Cc: debian-devel@lists.debian.org, Erich Henninger <henninge@cs.wisc.edu>
Subject: Re: setuid programs under "sarge" and "woody"
From: Bernd Eckenfels <lists@lina.inka.de>
Date: Thu, 31 Oct 2002 18:38:36 +0100
Message-id: <[🔎] 20021031173836.GA29443@lina.inka.de>
In-reply-to: <6rela6frgs.fsf@bates4.stat.wisc.edu>
References: <6rela6frgs.fsf@bates4.stat.wisc.edu>

On Thu, Oct 31, 2002 at 11:28:19AM -0600, Douglas Bates wrote:
> We have their tar program installed under the wsbackup login.  The
> program is owned by root.root and has setuid and setgid permissions.

> > It seems the script is being found, but has errors/doesn't
> > execute/something.
> 
> Is there something else I should do to allow this program to run
> setuid root?

if it is a bash script rewrite it to a perl script. bash scripts do not run
suid root.

You can also make the backup user numerical uid 0 and restrict its commands
it can execute by ssh cmd= command.

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!

Reply to:

Prev by Date: a pbuilder run finished
Next by Date: Re: Woody + Dell PowerEdge = disaster.
Previous by thread: Re: setuid programs under "sarge" and "woody"
Next by thread: Re: A Round of Removals
Index(es):
- Date
- Thread