The set-user-ID-on-execution
Bill Moran
wmoran at potentialtech.com
Wed Aug 4 06:09:27 PDT 2004
Paredes Sánchez Martín A. <mparedes at telmex.com> wrote:
>
> Hi:
>
> I made a script (for tcsh shell) which adds a printer to the system
> (makes directories, files, security and does some validations) but
> needs root access to accomplish this task.
>
> My solution was to setuid the scripts, being root
>
> # chown root:admin-hmo *.tcsh
> # chmod u=swrx,g=rx,o= *.tcsh
> # ls -l
> total 4
> -rwsr-x--- 1 root admin-hmo 2024 Aug 3 04:07 impresora.tcsh
> -rwsr-x--- 1 root admin-hmo 275 Jul 30 02:26 seguridad.tcsh
>
> The first line of the script is #!/bin/tcsh -fb
>
> But when I ran the script as another user I had a problem with
> the permissions
>
> > impresora.tcsh oc81p8707 p1ct203 psct203 raw
> mkdir: /var/spool/lpd/oc81p8707: Permission denied
> touch: /var/spool/lpd/oc81p8707/filter-errors: No such file or directory
> touch: /var/spool/lpd/oc81p8707/accounting-file: No such file or
> directory
> /var/spool/lpd/oc81p8707/minfree: No such file or directory.
>
> Did I miss something?
Yes. Scripts can't utilize setuid/setgid.
You can rewrite the script in perl and use the setuid perl interpreter
(which is basically a workaround for this) or install sudo and give the
script the ability to call sudo before executing commands that require
elevated privileges.
--
Bill Moran
Potential Technologies
http://www.potentialtech.com
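
An added example, not part of the original thread: a POSIX shell function that lists files carrying a setuid or setgid bit whose first two bytes are `#!`, which is the situation in the question above, where the bit on impresora.tcsh did not give the script root access. The function name `find_suid_scripts` is made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a directory tree for
# interpreter scripts that have the setuid or setgid bit set.
# On such files the bit does not raise privileges, so each hit is a
# permission setting that does not do what its owner expected.

# find_suid_scripts DIR
#   Prints one path per line for every regular file under DIR that
#   has mode bit 4000 (setuid) or 2000 (setgid) AND begins with "#!".
#   Files that cannot be read are skipped silently.
find_suid_scripts() {
    dir=${1:-.}
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) -exec sh -c '
        for f do
            # Read only the first two bytes; compiled binaries will not match.
            magic=$(dd if="$f" bs=2 count=1 2>/dev/null)
            if [ "$magic" = "#!" ]; then
                printf "%s\n" "$f"
            fi
        done
        exit 0' sh {} +
}

# When the file is run with a directory argument, scan that directory.
if [ "$#" -gt 0 ]; then
    find_suid_scripts "$1"
fi
```

Each path reported is a candidate for the approaches named in the reply (sudo, or a rewrite), after which the setuid bit can be cleared from the script.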