From owner-freebsd-questions  Tue Jun 10 17:04:09 1997
Return-Path: <owner-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id RAA14249
          for questions-outgoing; Tue, 10 Jun 1997 17:04:09 -0700 (PDT)
Received: from super-g.inch.com (super-g.com [204.178.32.161])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id RAA14154
          for <freebsd-questions@freebsd.org>; Tue, 10 Jun 1997 17:04:00 -0700 (PDT)
Received: from localhost (spork@localhost) by super-g.inch.com (8.8.5/8.6.9) with SMTP id UAA27627; Tue, 10 Jun 1997 20:13:50 GMT
Date: Tue, 10 Jun 1997 20:13:49 +0000 (GMT)
From: spork <spork@super-g.com>
X-Sender: spork@super-g.inch.com
To: "Joshua J. Ellis" <ellis@kcc.com>
cc: freebsd-questions@freebsd.org
Subject: Re: Set execution UID on script
In-Reply-To: <01BC75C2.A3B27CA0.ellis@kcc.com>
Message-ID: <Pine.BSF.3.95q.970610194033.27049D-100000@super-g.inch.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hi,

I'm not sure how safe this is, but I do know that for it to work, you'll
need permissions set like so:

-r-sr-x---

This means that it is setuid root and that anyone in the group that has
ownership of it may execute it as root.  Previously you were making it
setgid staff, which is wrong...

Perhaps someone could comment on how to make sure this is safe???

Charles


 On Tue, 10 Jun 1997, Joshua J. Ellis
wrote:

> 
> I'm missing something on a script I'm attempting to setup for an 
> administration group.  The script is this:
> 
> #!/bin/sh
> kill -hup `cat /var/run/named.hup`
> 
> I then do a "chown root:staff rs-named" followed by a "chmod 6750 rs-named". 
>  That gives me an set of permissions like this:
> 
> -rwsr-s---  1 root  staff      46 Jun 10 16:56 rs-named
> 
> Shouldn't this allow users of the 'staff' group to successfully execute this 
> command?  When I try to execute it as anyone but root, I get the following 
> error:
> 
> kill: 230: Operation not permitted
> 
> 230 is the PID of named.  If it is executing as root, why is kill refusing to 
> send a message to the process?
> 
> -joshua
> --
> ****[ S-D-G ]***************************************[-0.8090169943749]***
> Joshua Ellis, IS Consultant - Omni Resources, Green Bay, WI (800)236-2332
> ellis@kcc.com                               http://www.kimberly-clark.com
> joshe@elltech.com                           http://www.joshua.elltech.com
>  > poet-apostate-philosopher-musician-pinhead-hwarang-webmaestro-japh <
> *************************************************************************
> 
>