Date: Fri, 24 Jul 2009 22:47:43 -0300
From: "Carlos A. M. dos Santos" <unixmania@gmail.com>
To: Anthony Pankov <ap00@mail.ru>
Cc: freebsd-hackers@freebsd.org
Subject: Re: SGID/SUID on scripts
Message-ID: <e71790db0907241847g54a181ffkd0acf6ba15d98878@mail.gmail.com>
In-Reply-To: <19939654343.20090722214221@mail.ru>
References: <19939654343.20090722214221@mail.ru>

On Wed, Jul 22, 2009 at 2:42 PM, Anthony Pankov <ap00@mail.ru> wrote:
>
> SGID/SUID bits don't work with shell scripts, do they?

No. A possible workaround is to have a SUID/SGID version of your
interpreter and use it. Something like

    # pw groupadd -n sush -g 401
    # cp /bin/sh /bin/sush
    # chown root:sush /bin/sush
    # chmod 4750 /bin/sush
    # pw usermod johndoe -G sush

Then start your script with "#!/bin/sush" and user johndoe, as well as
any member of the "sush" group, will be able to run it as root. I think I
don't need to warn you that they will be able to run *any* command as
root, in fact.

For a better approach, consider using sudo, instead
(/usr/ports/security/sudo).

-- 
My preferred quotation of Robert Louis Stevenson is "You cannot
make an omelette without breaking eggs". Not because I like the
omelettes, but because I like the sound of eggs being broken.
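
Added example, not part of the original message: an audit for the workaround described above, listing setuid or setgid regular files that are byte-for-byte copies of a reference shell. The function names and the use of /bin/sh plus /etc/shells as the reference list are assumptions of this example.

```shell
#!/bin/sh
# Added example: find setuid/setgid files that are copies of a shell,
# such as the /bin/sush created by "cp /bin/sh /bin/sush; chmod 4750".

# Print candidate reference shells, one absolute path per line.
# Assumption: /bin/sh plus whatever /etc/shells lists is a good baseline.
reference_shells() {
    echo /bin/sh
    if [ -r /etc/shells ]; then
        # Keep absolute paths only; skips comments and blank lines.
        grep '^/' /etc/shells || true
    fi
}

# find_suid_shell_copies DIR...
# For every setuid or setgid regular file under DIR whose contents are
# identical to a reference shell, print "<file><TAB><matching shell>".
# Paths containing newlines or whitespace in /etc/shells are not handled.
find_suid_shell_copies() {
    refs=$(reference_shells | sort -u)
    # -xdev keeps the scan on the starting file system.
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        for ref in $refs; do
            # cmp -s compares contents, so a renamed copy is still caught.
            if [ -f "$ref" ] && cmp -s "$f" "$ref"; then
                printf '%s\t%s\n' "$f" "$ref"
                break
            fi
        done
    done
}

# Stand-alone use: sh audit.sh /bin /usr/local/bin
if [ "$#" -gt 0 ]; then
    find_suid_shell_copies "$@"
fi
```

Matching on content means a copy that has been recompiled or patched is not reported; the output is a starting list for review, to be compared against the system's known setuid binaries.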
