Re: Setting effective UID for a shell script
On Wed, May 15, 2002 at 04:31:09PM +0930, Tom Cook wrote:
> On 0, Alberto Cabello Sanchez <firstname.lastname@example.org> wrote:
> > As far as I know, you can't. I think you have to setuid() and exec() in
> > a, say, C compiled program.
> No, that's when you want to do it the other way around.
No. 'Cause if you don't have the priveledge already, a call to
setuid won't give it to you. But, you can give up priveledge.
> If you are root and want to run it as someone else, then:
> su -c <cmd>
> will do it without asking for a passwd.
If you're root, and want to run the command as another user, you
have to specify which user. That is what the OP wanted to do.
> If you are not root and want to run it as root, then:
> * Use one of the setuid script wrappers around. I don't know of any
> off the top of my head, but they must be around.
> * Write your own setuid script wrapper in C. It's not hard - it goes
> something like this:
> #include <unistd.h>
> int main( int argc, char** argv )
> execve( argv, argv );
> return 0;
> chown root setuidscriptwrapper
> chmod u+sx setuidscriptwrapper
> or something of that order. Control *very* closely who has permission
> to run this script.
Lucky for you, you're wrapper won't compile. Semantically, it'd invoke
endless recursion anyway. All around, this is a bad idea. You might as
well remove the root password.
Eric G. Miller <email@example.com>
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com