set user-id
Dan Nelson
dnelson at allantgroup.com
Tue Jul 22 12:37:36 PDT 2003
In the last episode (Jul 22), Ryan Thompson said:
> If you *really* want to have suid scripts, your binary wrapper idea is
> quite a common trick. Don't get fancy with it, though. A one-liner to
> execve(2) should really be all you need. Either that, or re-code the
> whole thing in C (or some other compiled language). C can introduce
> insecurities of its own, but at least you'd (arguably) have put them
> there yourself. :-)
I use sudo for stuff like this. I add a line like this in sudoers:
ALL ALL = NOPASSWD: /usr/local/bin/thescript
and put this it the top of thescript:
#! /bin/sh
if [ $(id -u) -ne 0 ] ; then
if [ "$TRYINGSUDO" = "1" ] ; then
echo "Cannot get admin priviledges! Exiting"
exit 1
else
export TRYINGSUDO=1
exec sudo $0 "$@"
fi
fi
--
Dan Nelson
dnelson at allantgroup.com
More information about the freebsd-questions
mailing list