Date: Sat, 29 Aug 2009 12:03:36 -0400
From: Jerry McAllister
To: Tim Judd
Cc: RW, freebsd-questions@freebsd.org
Subject: Re: SUID permission on Bash script

On Fri, Aug 28, 2009 at 08:10:59PM -0600, Tim Judd wrote:

> On 8/28/09, RW wrote:
> > On Fri, 28 Aug 2009 11:54:19 +0300
> > Giorgos Keramidas wrote:
> >
> >> On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo
> >> wrote:
> >
> >> > As far as I know, using SUID, script must run with root
> >> > permissions... so I shouldn't get "Permission denied", what I'm doing
> >> > wrong??
> >>
> >> No it must not. There are security reasons why shell scripts are not
> >> setuid-capable. You can find some of them in the archives of the
> >> mailing list, going back at least until 1997.
> >
> > I'm a bit puzzled by this, previous threads have given the impression
> > that this is a myth, for example:
> >
> > http://www.mail-archive.com/freebsd-questions@freebsd.org/msg185134.html
> >
> > So are scripts actually incapable of running setuid?
>
>
> Dunno, but this dawns on me..
>
> what defines a script? I've always defined a script that starts with
> a #! shebang.
>
> So the script can be SUID, but the interpreter/shell isn't. Is that
> why it doesn't work?

It doesn't work because the system does not allow it - for security
reasons. You could fish around and defeat that but don't.

The most common way to get around it is to create a tiny binary that
can run Setuid which merely invokes your script.

The better way is to use Sudo as has been suggested already in this thread.

////jerry

>
>
> --Tim
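
The "tiny binary" approach mentioned in the reply above, as an added example that is not part of the original thread: a wrapper that runs one fixed script with a fixed environment and refuses to run it if an unprivileged user could have modified it. The script path and the function name `script_is_safe` are hypothetical.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical path: the single script this wrapper is allowed to run. */
#define SCRIPT "/usr/local/libexec/maintenance.sh"

/* Returns 1 only if path is a regular file (not a symlink), owned by
 * `owner`, and not writable by group or others; otherwise 0. */
int script_is_safe(const char *path, uid_t owner)
{
    struct stat st;

    if (lstat(path, &st) != 0)
        return 0;
    if (!S_ISREG(st.st_mode))
        return 0;
    if (st.st_uid != owner)
        return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return 0;
    return 1;
}

int main(void)
{
    /* Fixed environment: nothing set by the caller (PATH, IFS, ENV,
     * LD_* and so on) reaches the privileged interpreter. */
    char *const clean_env[] = {
        "PATH=/sbin:/bin:/usr/sbin:/usr/bin", "IFS= \t\n", NULL
    };
    /* Caller-supplied arguments are deliberately not passed on. */
    char *const args[] = { SCRIPT, NULL };

    /* With the wrapper installed setuid root, geteuid() is 0 here. */
    if (!script_is_safe(SCRIPT, geteuid())) {
        fprintf(stderr, "refusing to run %s\n", SCRIPT);
        return 1;
    }
    /* Set the real uid to the effective uid: bash resets the effective
     * uid when the two differ, unless it is started with -p. */
    if (setuid(geteuid()) != 0) {
        perror("setuid");
        return 1;
    }
    execve(SCRIPT, args, clean_env);   /* the #! line picks the shell */
    perror("execve");
    return 1;
}
```

The ownership check is only meaningful when every directory on the path to the script is writable by root alone, since the file is checked and then executed by name.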