[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Setting effective UID for a shell script

On Wed, May 15, 2002 at 04:31:09PM +0930, Tom Cook wrote:
> On  0, Alberto Cabello Sanchez <alberto@unex.es> wrote:
> > As far as I know, you can't. I think you have to setuid() and exec() in
> > a, say, C compiled program.
> No, that's when you want to do it the other way around.

No. 'Cause if you don't have the priveledge already, a call to
setuid won't give it to you.  But, you can give up priveledge.

> If you are root and want to run it as someone else, then:
> su -c <cmd>
> will do it without asking for a passwd.

If you're root, and want to run the command as another user, you
have to specify which user.  That is what the OP wanted to do.

> If you are not root and want to run it as root, then:
>  * Use one of the setuid script wrappers around.  I don't know of any
>    off the top of my head, but they must be around.
>  * Write your own setuid script wrapper in C.  It's not hard - it goes
>    something like this:
> #include <unistd.h>
> int main( int argc, char** argv )
> {
> 	execve( argv[0], argv[1] );
> 	return 0;
> }
> chown root setuidscriptwrapper
> chmod u+sx setuidscriptwrapper
> or something of that order.  Control *very* closely who has permission
> to run this script.

Lucky for you, you're wrapper won't compile.  Semantically, it'd invoke
endless recursion anyway.  All around, this is a bad idea.  You might as
well remove the root password.

Eric G. Miller <egm2@jps.net>

To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: