
List:       freebsd-hackers
Subject:    Re: SGID/SUID on scripts
From:       "Carlos A. M. dos Santos" <unixmania () gmail ! com>
Date:       2009-07-25 1:47:43
Message-ID: e71790db0907241847g54a181ffkd0acf6ba15d98878 () mail ! gmail ! com

On Wed, Jul 22, 2009 at 2:42 PM, Anthony Pankov<ap00@mail.ru> wrote:
>
> SGID/SUID bits don't work with shell scripts, do they?

No. A possible workaround is to have a SUID/SGID version of your
interpreter and use it. Something like

# pw groupadd -n sush -g 401
# cp /bin/sh /bin/sush
# chown root:sush /bin/sush
# chmod 4750 /bin/sush
# pw usermod johndoe -G sush

Then start your script with "#!/bin/sush" and user johndoe, as well as
any member of the "sush" group, will be able to run it as root. I think
I don't need to warn you that they will be able to run *any* command
as root, in fact. For a better approach, consider using sudo, instead
(/usr/ports/security/sudo).

-- 
My preferred quotation of Robert Louis Stevenson is "You cannot
make an omelette without breaking eggs". Not because I like the
omelettes, but because I like the sound of eggs being broken.
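
Added example, not part of the original message: a POSIX sh audit that flags set-uid/set-gid files whose content is identical to a known interpreter, which is how a copy such as /bin/sush shows up whatever it has been renamed to. The function names are hypothetical and the sample tree in demo_constructed is constructed.

```shell
#!/bin/sh
# find_setid_interpreters DIR REF...
# Prints every regular file under DIR that carries the set-uid or set-gid bit
# and is byte-identical to one of the reference interpreters REF.
# Real use (as root): find_setid_interpreters / $(grep '^/' /etc/shells)
find_setid_interpreters() {
    scan_dir=$1; shift
    find "$scan_dir" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r candidate; do
        for ref in "$@"; do
            # cmp -s compares content, so a renamed copy still matches.
            if cmp -s "$candidate" "$ref"; then
                printf '%s matches %s\n' "$candidate" "$ref"
                break
            fi
        done
    done
}

# Constructed sample tree: a stand-in shell, a set-uid copy of it, and an
# unrelated set-uid file that must not be reported.
demo_constructed() {
    tmp=$(mktemp -d) || return 1
    printf 'stand-in for /bin/sh\n' > "$tmp/sh"
    cp "$tmp/sh" "$tmp/sush"
    chmod 4750 "$tmp/sush"
    printf 'some other program\n' > "$tmp/passwd"
    chmod 4755 "$tmp/passwd"
    # Strip the temporary prefix so the report is stable across runs.
    find_setid_interpreters "$tmp" "$tmp/sh" | sed "s|$tmp/||g"
    rm -rf "$tmp"
}
```

Any hit outside the base system's own files is worth tracing back to whoever created it, since every member of the owning group gets a root shell through it.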