
Re: [OT] change user when executing some script
Galevsky wrote:
> Many thanks for your comment and piece of code ;)

I would not want to have warned that the sky was falling without being
able to direct people to an underground bunker where they would be
safe.  :-)

> In fact, I need my team to run a ruby tool,

Yeah!  Ruby!  Good stuff.  (I am just saying this to give market share
and positive feedback on this fine language.)

> but $RUBYLIB and the main routine call is done into a setgid shell
> script.

I don't understand what you are describing here.  Of course $RUBYLIB
is used by ruby to locate 'required' files.  But suid does not apply
there.  Ruby itself will have a script entry point.

> The script belongs to special user and group: myTeam:myTeam,
> and all the members of the team have the ability to log as myTeam
> special user.

Is the set of your team members and the set of all local users on the
host the same set?  Because the issue would be that anyone that can
log onto the machine as anyone can become myTeam:myTeam.

If all users that can log onto the machine are authorized then that is
fine.  There is no remote exploit available.  It is only vulnerable by
an already running user process on the machine.  Then I see no problem
in the case you describe.  That would be okay.

Bob
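An added check for the setup Bob is questioning, not part of this thread: a POSIX sh audit of a shared setgid wrapper script that reports whether execute permission is limited to the owning group (the concern above) or open to every local account. The path passed in and the mode values are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a setgid wrapper script:
# returns 0 when execution is limited to the owner and the owning group,
# 1 when the bit is missing or the file is world-executable, 2 on a bad path.
audit_setgid_wrapper() {
    path=$1
    [ -e "$path" ] || { echo "no such file: $path"; return 2; }
    perms=$(ls -ld -- "$path" | cut -c1-10)    # e.g. -rwxr-sr-x
    grp_x=$(printf '%s' "$perms" | cut -c7)    # group execute column: x, s or S
    oth_x=$(printf '%s' "$perms" | cut -c10)   # other execute column: x, t or -
    rc=0
    case "$grp_x" in
        s) echo "setgid bit set, group may execute" ;;
        S) echo "setgid bit set but group cannot execute"; rc=1 ;;
        *) echo "no setgid bit: not a setgid wrapper"; rc=1 ;;
    esac
    # Bob's point: an 'other' execute bit means any local login, not just the
    # team, can run the wrapper and so act with the myTeam group.
    case "$oth_x" in
        x|t) echo "WARNING: world-executable, every local user gains the group"; rc=1 ;;
        *)   echo "execution limited to owner and group members" ;;
    esac
    # Caveat: the Linux kernel ignores setuid/setgid bits on '#!' scripts, so a
    # script wrapper gains nothing from the bit regardless of its mode.
    IFS= read -r first_line < "$path" || first_line=""
    case "$first_line" in
        '#!'*) echo "note: interpreted script; Linux ignores setgid on these" ;;
    esac
    return $rc
}
```

Run it as `audit_setgid_wrapper /path/to/wrapper` (constructed path); a mode of 2750 on a file owned by myTeam:myTeam passes, 2755 does not.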