set user-id

Gerald S. Stoller gs_stoller at
Wed Jul 23 11:58:00 PDT 2003

>From: Dan Nelson <dnelson at>
>To: Ryan Thompson <ryan at>
>CC: "Gerald S. Stoller" <gs_stoller at>, vze25pmf at,   
>FreeBSD Questions <freebsd-questions at>
>Subject: Re: set user-id
>Date: Tue, 22 Jul 2003 14:37:29 -0500
>In the last episode (Jul 22), Ryan Thompson said:
> > If you *really* want to have suid scripts, your binary wrapper idea is
> > quite a common trick. Don't get fancy with it, though. A one-liner to
> > execve(2) should really be all you need. Either that, or re-code the
> > whole thing in C (or some other compiled language). C can introduce
> > insecurities of its own, but at least you'd (arguably) have put them
> > there yourself. :-)
>I use sudo for stuff like this.  I add a line like this in sudoers:
    I don't understand the next line!
>ALL             ALL = NOPASSWD: /usr/local/bin/thescript
  ???             Setting a variable??     Okay, invoking the script
>and put this it the top of thescript:
>#! /bin/sh
>if [ $(id -u) -ne 0 ] ; then
>   if [ "$TRYINGSUDO" = "1" ] ; then
>     echo "Cannot get admin priviledges!  Exiting"
>     exit 1
>   else
>     export TRYINGSUDO=1
>     exec sudo $0 "$@"
>   fi
>	Dan Nelson
>	dnelson at

        I tried a suggestion by Ryan (slipping in something from his email)
>>Well, why don't you just chmod 4755 /bin/ksh, then. :-D
with a slight change, I copied  ksh  to  /bin  with the name  kshroot , made 
that the group on it is the group of  root , and then did
                  chmod 4750  /bin/kshroot
Thus only the users who are 'close to' root (e.g., generally users who have 
root  password so they can become  root  if necessary) can run this shell 
they need to act as  root , and can use it in scripts (first line: 
#!/bin/kshroot).  Again
note that these scripts can only be invoked by users who are 'close to' 
root.  For the
other users, I'd have to use a sudo.

MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.

More information about the freebsd-questions mailing list