Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 10 Jun 1997 20:13:49 +0000 (GMT)
From:      spork <spork@super-g.com>
To:        "Joshua J. Ellis" <ellis@kcc.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Set execution UID on script
Message-ID:  <Pine.BSF.3.95q.970610194033.27049D-100000@super-g.inch.com>
In-Reply-To: <01BC75C2.A3B27CA0.ellis@kcc.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Hi,

I'm not sure how safe this is, but I do know that for it to work, you'll
need permissions set like so:

-r-sr-x---

This means that it is setuid root and that anyone in the group that has
ownership of it may execute it as root.  Previously you were making it
setgid staff, which is wrong...

Perhaps someone could comment on how to make sure this is safe???

Charles


 On Tue, 10 Jun 1997, Joshua J. Ellis
wrote:

> 
> I'm missing something on a script I'm attempting to setup for an 
> administration group.  The script is this:
> 
> #!/bin/sh
> kill -hup `cat /var/run/named.hup`
> 
> I then do a "chown root:staff rs-named" followed by a "chmod 6750 rs-named". 
>  That gives me an set of permissions like this:
> 
> -rwsr-s---  1 root  staff      46 Jun 10 16:56 rs-named
> 
> Shouldn't this allow users of the 'staff' group to successfully execute this 
> command?  When I try to execute it as anyone but root, I get the following 
> error:
> 
> kill: 230: Operation not permitted
> 
> 230 is the PID of named.  If it is executing as root, why is kill refusing to 
> send a message to the process?
> 
> -joshua
> --
> ****[ S-D-G ]***************************************[-0.8090169943749]***
> Joshua Ellis, IS Consultant - Omni Resources, Green Bay, WI (800)236-2332
> ellis@kcc.com                               http://www.kimberly-clark.com
> joshe@elltech.com                           http://www.joshua.elltech.com
>  > poet-apostate-philosopher-musician-pinhead-hwarang-webmaestro-japh <
> *************************************************************************
> 
> 




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95q.970610194033.27049D-100000>