Re: Setting effective UID for a shell script
On Wed, May 15, 2002 at 04:31:09PM +0930, Tom Cook wrote:
> On 0, Alberto Cabello Sanchez <alberto@unex.es> wrote:
> > As far as I know, you can't. I think you have to setuid() and exec() in
> > a, say, C compiled program.
>
> No, that's when you want to do it the other way around.
No. 'Cause if you don't have the priveledge already, a call to
setuid won't give it to you. But, you can give up priveledge.
> If you are root and want to run it as someone else, then:
> su -c <cmd>
>
> will do it without asking for a passwd.
If you're root, and want to run the command as another user, you
have to specify which user. That is what the OP wanted to do.
> If you are not root and want to run it as root, then:
>
> * Use one of the setuid script wrappers around. I don't know of any
> off the top of my head, but they must be around.
>
> * Write your own setuid script wrapper in C. It's not hard - it goes
> something like this:
>
> #include <unistd.h>
> int main( int argc, char** argv )
> {
> execve( argv[0], argv[1] );
> return 0;
> }
>
> chown root setuidscriptwrapper
> chmod u+sx setuidscriptwrapper
>
> or something of that order. Control *very* closely who has permission
> to run this script.
Lucky for you, you're wrapper won't compile. Semantically, it'd invoke
endless recursion anyway. All around, this is a bad idea. You might as
well remove the root password.
--
Eric G. Miller <egm2@jps.net>
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: