Re: suid script

To: Pere Camps <pere@casal.upc.es>
Cc: Debian User Lists <debian-user@lists.debian.org>
Subject: Re: suid script
From: glhenni@cs.sandia.gov (Gary L. Hennigan)
Date: 03 Dec 1998 07:00:22 -0700
Message-id: <[🔎] sa7vhjt5nrd.fsf@chtorr.cs.sandia.gov>
In-reply-to: Pere Camps's message of "Thu, 3 Dec 1998 13:01:26 +0000 (GMT)"
References: <[🔎] Pine.LNX.3.96.981203125331.11053A-100000@casal.upc.es>

Pere Camps <pere@casal.upc.es> writes:
| Hi!
| 
| 	I want my users to be able to execute this script:
| 
| #!/bin/bash
| /sbin/kbdrate -r 30 -d 250
| /etc/init.d/gpm stop
| /etc/init.d/gpm start
|  
| 	The problem is that these programs need root's privileges. I've
| suid the script root:root but still the programs say I don't have he right
| permisions to execute them.
| 
| 	What's going wrong here?

Scripts are not allowed to set UID, it's a security feature. I don't
know where this occurs, but it's pretty low level, perhaps in the
kernel itself or in the shell, and there's no getting around it. There 
are just too many holes that allowing scripts to be setuid root would
allow and so that capability is disallowed.

The only way around it is to write a C (or maybe Perl) program, have
that program setuid root and have it call the script. Of course for
what you're doing it might be just as easy to have the C program
perform the operations itself using the system() call. Either that or
install the sudo package and learn how to use it.

Gary

Reply to:

Follow-Ups:
- Re: suid script
  - From: Brandon Mitchell <bhmit1@mail.wm.edu>
- Re: suid script
  - From: Pere Camps <pere@casal.upc.es>

References:
- suid script
  - From: Pere Camps <pere@casal.upc.es>

Prev by Date: Remote backup
Next by Date: Re: suid script
Previous by thread: suid script
Next by thread: Re: suid script
Index(es):
- Date
- Thread