Date: Mon, 10 Dec 2001 18:06:39 +0200
From: Peter Pentchev
To: Sheldon Hearn
Cc: Ronan Lucio, security@freebsd.org
Subject: Re: Accessing as root
Message-ID: <20011210180639.J757@straylight.oblivion.bg>
References: <60355.1008000080@axl.seasidesoftware.co.za> <60409.1008000194@axl.seasidesoftware.co.za>
In-Reply-To: <60409.1008000194@axl.seasidesoftware.co.za>; from sheldonh@starjuice.net on Mon, Dec 10, 2001 at 06:03:14PM +0200

On Mon, Dec 10, 2001 at 06:03:14PM +0200, Sheldon Hearn wrote:
>
>
> On Mon, 10 Dec 2001 18:01:20 +0200, Sheldon Hearn wrote:
>
> > > I need to make some scripts to change the password and other
> > > things like that need root permissions, but:
> > >
> > > How can I do it without opening a security hole in the server?
> > > What is the best way to do it?
> >
> > 1) Limit exposure to just those commands that need privilege, by passing
> > your command as arguments to the su(1) command.
>
> This is stupid advice, sorry.
>
> You need to make your script setuid root (see chmod(1)). If the script
> is big, or does complex input handling, consider breaking out the part
> that needs privilege into its own smaller script, called by a wrapper
> that does input sanity checking.
>
> Ultimately, you want to limit the privilege to as little work as
> possible.

And then, of course, there is the security/sudo port, which lets you
specify which uid's are allowed to execute which commands as root
or whatever other uid, with or without passwords, with or without
controlling terminals.

G'luck,
Peter

--
I am not the subject of this sentence.
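
The wrapper-plus-small-privileged-helper split and the sudo restriction discussed in this thread, as an added example that is not part of the original messages. The helper path, the helpdesk group, the protected-name list and the UID threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Unprivileged wrapper: does the input sanity checking, then hands exactly one
# validated argument to a small privileged helper through sudo.
#
# Assumed sudoers entry (edit with visudo; group and path are hypothetical):
#   %helpdesk ALL=(root) /usr/local/libexec/reset-password
# This entry does not restrict the helper's arguments, so the helper must
# repeat the same validation: callers can run it through sudo directly.

LC_ALL=C; export LC_ALL      # make a-z in the patterns below mean ASCII only
HELPER=/usr/local/libexec/reset-password   # hypothetical privileged helper
MIN_UID=1000                               # assumed start of ordinary accounts

# valid_name NAME: succeed only for a plain, non-system account name.
valid_name() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;   # empty, option-like, or outside allow-list
        root|toor|daemon|operator|bin) return 1 ;;   # protected accounts (sample list)
    esac
    [ "${#1}" -le 16 ]                     # length cap
}

reset_password() {
    valid_name "$1" || { echo "refused: bad or protected account name" >&2; return 64; }
    target_uid=$(id -u "$1" 2>/dev/null) || { echo "refused: no such user" >&2; return 67; }
    [ "$target_uid" -ge "$MIN_UID" ] || { echo "refused: system account" >&2; return 77; }
    # Absolute path: matches the sudoers entry and cannot be redirected via PATH.
    sudo -- "$HELPER" "$1"
}

# Run only when given an argument, so the functions can also be sourced and tested.
if [ "$#" -gt 0 ]; then
    reset_password "$1"
fi
```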