From owner-freebsd-questions@FreeBSD.ORG Fri Aug 28 09:01:56 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F1CBD1065670 for ; Fri, 28 Aug 2009 09:01:56 +0000 (UTC) (envelope-from jeronimocalvop@googlemail.com) Received: from mail-bw0-f206.google.com (mail-bw0-f206.google.com [209.85.218.206]) by mx1.freebsd.org (Postfix) with ESMTP id 710AD8FC15 for ; Fri, 28 Aug 2009 09:01:56 +0000 (UTC) Received: by bwz2 with SMTP id 2so1377264bwz.43 for ; Fri, 28 Aug 2009 02:01:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=Rj2tjvCGol5zOvHy6LZIwl+u3p448L8ukGKEDrhLwGA=; b=WLmkHrbQ/OlwPcD1O36ko9cYaXxXxepHI7+MZX4U3XAFC5mZAIaKv9m6AsMNOt/DlY r3cL0gRlagMEPUg9vwuy0YYDvceUyYGbEe9zaf/g1fu3BF9VP0ORVgtQycvob/1Moplu /MIKWgGsw8wbBvMO2+G0feXHwWyn+vNkvIy6g= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=lGl3Xc0GbLIPmQGxIQyJ4kJ3kPl9KZAikDICqedniuAiyQja89Zzl9+Hr3cDTX/XZ0 kWU0IajKbZ0wCCHAfozXx3C8mloEdj/px2lYx8+FXQj9FVM/O3h/Sx2S/hn0AKAKlsDA +YXv98VU/joeQCIufvUFxIk28PGgZIRDXJpyg= MIME-Version: 1.0 Received: by 10.102.226.17 with SMTP id y17mr139057mug.67.1251450114792; Fri, 28 Aug 2009 02:01:54 -0700 (PDT) In-Reply-To: References: <87y6p4pbd0.fsf@kobe.laptop> Date: Fri, 28 Aug 2009 10:01:54 +0100 Message-ID: From: Jeronimo Calvo To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Re: SUID permission on Bash script X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Aug 2009 09:01:57 -0000 Aham! so SUID can be applied to sh but it doesn't work!, there is not anyway to apply it? apart from installing sudo?, The thing is that installing sudo and adding that user into sudoers, that user will be capable to do any other SU tasks, apart of shutting down... wich i dont like :D (I know that SUID could be even worst if they edit the .sh file... but lets believe they dont even know that XD) Cheers! 2009/8/28 Giorgos Keramidas On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo < > jeronimocalvop@googlemail.com> wrote: > > Hi folks! > > > > Im trying to set up a reaaallly basic scrip to allow one user to shutdown > my > > machine without root permisions, seting up SUID as follows: > > > > > > -rwsrwxr-- 1 root wheel 38 Aug 27 23:12 apagar.sh > > > > $ ./apagar.sh > > > > Permission denied > > > > > > content of script: > > > > > > cat apagar.sh > > > > ]#!/usr/local/bin/bash > > shutdown -p now > > > > As far as i know, using SUID, script must runs with root > > permissions... so i shoudnt get "Permission denied", what im doing > > wrong?? > > No it must not. There are security reasons why shell scripts are not > setuid-capable. You can find some of them in the archives of the > mailing list, going back at least until 1997. > > The good thing is that you don't need a shell script to do that. You > can install `sudo' and give permission to the specific user to run: > > sudo shutdown -p now > >