Established method to enable suid scripts?
perryh at pluto.rain.com
Sat May 14 06:48:42 UTC 2011
Chris Telting <christopher-ml at telting.org> wrote:
> let me ask you.. is "sudo ping" acceptable? Please explain the
> logical reason why not. It would be the preferred method if suid
> didn't exist and sudo was part of the base system.

Without suid there would be no sudo ;)

Part of the reason for ping being suid is historical -- it predates
the existence of sudo -- but it is nevertheless a very good example
of a program that really should be suid in its own right.

* It needs to run with root privileges (so it can bind a raw socket
  IIRC).

* It should be executable, with some restrictions on the intensity
  of the traffic it will generate, by any user. (Granted many users
  have no clue what ping does or how to interpret the results, but
  it is often one of the first things a phone-support tech asks for
  if it looks as if the caller's problem might be network related.
  The user needs to be able to run the command so as to read back
  the results.)

* Those restrictions are removed when it is run by root (who is
  presumed to know the implications).

Yes, ping could be non-sudo and the restrictions could be imposed by
sudo, but this would come at a cost:

- Most if not all system users would need to be listed in the
  sudoers file, so that they could execute ping in connection with
  suspected network problems (see above).

- The command parameters would have to be parsed twice (once by sudo
  to decide whether to allow the operation, then again by ping to
  find out what it is supposed to do).
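
The pattern the message describes, as an added example that is not part of the original post and not FreeBSD's ping source: a setuid-root program performs its one privileged step (opening the raw socket), drops root permanently, and restricts requests according to the real uid of the invoker. The names `check_request` and `open_raw_then_drop` and both limits are hypothetical, constructed for illustration.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed limits for illustration; not taken from any real ping. */
#define MIN_INTERVAL_MS_USER 1000
#define MAX_PAYLOAD_USER     1024

struct ping_req { int flood; int interval_ms; int payload; };

/* Policy keyed on the REAL uid (who invoked us), not the effective uid,
 * which is 0 for every caller of a setuid-root binary.
 * Returns 0 if the request is allowed, -1 if it is refused. */
int check_request(uid_t ruid, const struct ping_req *r)
{
    if (r->interval_ms < 0 || r->payload < 0)
        return -1;                      /* malformed for anyone */
    if (ruid == 0)
        return 0;                       /* root: restrictions removed */
    if (r->flood || r->interval_ms < MIN_INTERVAL_MS_USER ||
        r->payload > MAX_PAYLOAD_USER)
        return -1;                      /* too intense for ordinary users */
    return 0;
}

/* Do the one privileged operation first, then give up root for good.
 * Returns the socket fd, -1 if socket() failed, -2 if the drop failed. */
int open_raw_then_drop(void)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    if (setuid(getuid()) != 0 || geteuid() != getuid()) {
        if (fd >= 0) close(fd);
        return -2;                      /* never continue while privileged */
    }
    return fd;
}

int main(void)
{
    struct ping_req req = { 1, 0, 56 }; /* constructed: a flood request */
    int fd = open_raw_then_drop();
    if (fd == -2) return 2;
    printf("raw socket %s, flood request %s\n",
           fd >= 0 ? "open" : "unavailable (binary is not setuid root)",
           check_request(getuid(), &req) == 0 ? "allowed" : "refused");
    return 0;
}
```

Because the arguments are parsed after the drop, a parsing bug runs with the invoker's own privileges rather than root's.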