From owner-freebsd-questions Fri Dec 13 12: 8: 5 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7325A37B401 for ; Fri, 13 Dec 2002 12:08:04 -0800 (PST) Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id 94CA143EC5 for ; Fri, 13 Dec 2002 12:08:03 -0800 (PST) (envelope-from dan@dan.emsphone.com) Received: (from dan@localhost) by dan.emsphone.com (8.12.6/8.12.6) id gBDK7xFq016886; Fri, 13 Dec 2002 14:07:59 -0600 (CST) (envelope-from dan) Date: Fri, 13 Dec 2002 14:07:59 -0600 From: Dan Nelson To: "Jason L. Schwab" Cc: freebsd-questions@FreeBSD.ORG Subject: Re: chmod question Message-ID: <20021213200758.GA27316@dan.emsphone.com> References: <20021213125137.X69651-100000@brittney.jlschwab.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20021213125137.X69651-100000@brittney.jlschwab.com> X-OS: FreeBSD 5.0-RC X-message-flag: Outlook Error User-Agent: Mutt/1.5.1i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In the last episode (Dec 13), Jason L. Schwab said: > Heya Folks; > > I came accross a file on a friend of mine's machine and I was > wondering how via chmod you could come up with the follow > permissions (ls -la on the file) > > -rwx--s--- > > I tried doing chmod u+rwx and then g+s but then I get -rwx--S--- and > it does not work correctly. The idea behind this is to have a shell > script that can be ran as suid by a group of people, but the actual > script code can not be seen. When you do an ls, the setuid and executable bits get displayed on the same character position. setuid exec char ====== ==== ==== 0 0 - 0 1 x 1 0 S 1 1 s Try chmod u=rwx,g=sx. This doesn't work, though, since setuid bits on shell scripts do nothing. The kernel actually executes shell scripts as "/bin/sh command", so the setuid bit is never checked. Take a look at the "sudo" utility, which will let you do what you want. -- Dan Nelson dnelson@allantgroup.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message