From: Polytropon
To: Arthur Chance
Cc: freebsd-questions@freebsd.org
Date: Fri, 19 Feb 2016 22:11:11 +0100
Subject: Re: minimize use of root account

On Fri, 19 Feb 2016 14:52:53 +0000, Arthur Chance wrote:
> On 19/02/2016 11:05, Polytropon wrote:
> > On Fri, 19 Feb 2016 16:29:43 +1100, Yudi V wrote:
> >> Hi all,
> >>
> >> currently I use the below script to load geli devices and import zpool. It
> >> needs to be run as root.
> >> how to run this script as normal user, is there a group that the user needs
> >> to be part of?
> >
> > No, not for this task.
> >
> > There are different ways to do it.
> >
> > 1. You can set the script itself to "run as root" (chmod +s) when
> > the script is owned by root:root. Regular users may then execute it.
>
> I thought suid scripts were disabled years ago because they were a major
> security loophole?

You're right - it's the case.

	% ll root_test.sh
	-rwsr-sr-x  1 poly  poly  24 2016-02-19 19:25:20 root_test.sh*
	% cat root_test.sh
	#!/bin/sh
	id -u
	whoami
	% ./root_test.sh
	2000
	poly
	% sudo ./root_test.sh
	0
	root

I think this is fully intended.

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
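
Added example, not part of the original message or of FreeBSD itself: on systems that ignore the set-id bits on `#!` scripts, a script carrying those bits is usually a leftover misconfiguration, and this check lists such files under a directory. The function name `find_suid_scripts` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report setuid/setgid files that are "#!" scripts.
# find_suid_scripts and the sample files below are constructed for this example.

find_suid_scripts() {
    # $1: directory to scan. Prints one matching path per line.
    # -perm -4000 matches the setuid bit, -perm -2000 the setgid bit.
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        # Scripts start with the two-byte "#!" magic; NUL bytes are
        # dropped so the comparison is safe on binaries.
        magic=$(head -c 2 "$f" 2>/dev/null | tr -d '\000')
        if [ "$magic" = '#!' ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed sample: one setuid script, one ordinary script,
# and one setuid file that is not a script.
demo_dir=$(mktemp -d)
printf '#!/bin/sh\nid -u\nwhoami\n' > "$demo_dir/root_test.sh"
printf '#!/bin/sh\necho ok\n' > "$demo_dir/plain.sh"
printf '\177ELF' > "$demo_dir/not_a_script"
chmod 4755 "$demo_dir/root_test.sh" "$demo_dir/not_a_script"
chmod 0755 "$demo_dir/plain.sh"

echo "setuid/setgid scripts found:"
find_suid_scripts "$demo_dir"
rm -rf "$demo_dir"
```

Paths containing newlines are not handled by the line-based loop.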