Date:      Wed, 4 Aug 2004 09:09:25 -0400
From:      Bill Moran <wmoran@potentialtech.com>
To:        Paredes Sánchez Martín A. <mparedes@telmex.com>
Cc:        FreeBSD-Questions@FreeBSD.org
Subject:   Re: The set-user-ID-on-execution
Message-ID:  <20040804090925.0868e1e3.wmoran@potentialtech.com>
In-Reply-To: <E3F56D7842656F4484C5668BC4D7F298042C18@is~tmxmailhmo1.intranet.telmex.com>
References:  <E3F56D7842656F4484C5668BC4D7F298042C18@is~tmxmailhmo1.intranet.telmex.com>

Paredes Sánchez Martín A. <mparedes@telmex.com> wrote:
>
> Hi:
>
> I made a script (for tcsh shell) which adds a printer to the system
> (makes directories, files, security and makes some validations) but
> needs root access to accomplish this task.
>
> My solution was to setuid the scripts being root
>
> # chown root:admin-hmo *.tcsh
> # chmod u=swrx,g=rx,o= *.tcsh
> # ls -l
> total 4
> -rwsr-x---  1 root  admin-hmo  2024 Aug  3 04:07 impresora.tcsh
> -rwsr-x---  1 root  admin-hmo   275 Jul 30 02:26 seguridad.tcsh
>
> The first line of the script is #!/bin/tcsh -fb
>
> But when I run the script being another user I had a problem with
> the permissions
>
> > impresora.tcsh oc81p8707 p1ct203 psct203 raw
> mkdir: /var/spool/lpd/oc81p8707: Permission denied
> touch: /var/spool/lpd/oc81p8707/filter-errors: No such file or directory
> touch: /var/spool/lpd/oc81p8707/accounting-file: No such file or
> directory
> /var/spool/lpd/oc81p8707/minfree: No such file or directory.
>
> Did I miss something?

Yes.  Scripts can't utilize setuid/setgid.

You can rewrite the script in perl and use the setuid perl interpreter
(which is basically a workaround for this) or install sudo and give the
script the ability to call sudo before executing commands that require
elevated privileges.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
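
An added example, not part of the original message: because the set-user-ID bit on an interpreter script has no effect, as the reply above says, this sh function lists set-id files under a directory that begin with "#!", so the bit can be removed and the privileged steps moved behind sudo. The function name find_setid_scripts is made up for this example.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Lists files that carry the setuid or setgid bit but are interpreter
# scripts (first two bytes "#!"). On such files the bit does not grant the
# owner's privileges, so it only misleads whoever reads the ls -l output.

# find_setid_scripts DIR
# Prints one line per match: "<path><TAB><first line of the script>".
# Run it as a user who can read the files; unreadable files are skipped.
# Paths containing newlines are not handled.
find_setid_scripts() {
    dir=$1
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r f; do
        # Look at the first two bytes only; NUL bytes from binaries are
        # dropped so the shell never sees them.
        magic=$(dd if="$f" bs=2 count=1 2>/dev/null | tr -d '\000')
        [ "$magic" = '#!' ] || continue
        # The first line names the interpreter, e.g. "#!/bin/tcsh -fb".
        interp=$(head -n 1 "$f")
        printf '%s\t%s\n' "$f" "$interp"
    done
}

# Stand-alone use: sh thisfile.sh /path/to/scripts
if [ $# -gt 0 ]; then
    find_setid_scripts "$1"
fi
```

For each file reported, `chmod u-s,g-s` removes the ineffective bit.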
