[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: suid script

| From: dpk <dpk@egr.msu.edu>
| On Thu, 3 Dec 1998, Pere Camps wrote:
|    	I want my users to be able to execute this script:
|    #!/bin/bash
|    /sbin/kbdrate -r 30 -d 250
|    /etc/init.d/gpm stop
|    /etc/init.d/gpm start
| A better/more secure way is to install the package 'sudo'.  Then you
| can add the command to the /etc/sudoers file:
| #= Give 'username' permission to execute 'mycommand' as root
| username           ALL=/path/to/mycommand
| Hope this helps!

that's two suggestions on how to get around the issue using
sudo.  if you want to give your users access to these two
specific commands -- kbdrate and gpm -- you might have luck
setting those two executables to be SUID-root.  

there are some complications -- gpm in context is itself a
shell script which checks for rootness.  even with that
defeated, i don't know how well start-stop-daemon responds
to nonroot users.  it might work better to invoke the real
gpm directly, after giving it suid, first with -k and then
with the arguments you like.

your darling users would simply run the user level shell
script and hopefully never be the wiser.

or... you could bind the script to a specific sequence of
mouse buttons, assuming your users are likely to be messing
with gpm and keyboard stuff from the console.

duncan.   ( hi joe )

Reply to: