Date: Wed, 11 Jun 1997 09:07:19 +0200 (MET DST) From: Zahemszky Gabor <zgabor@CoDe.hu> To: freebsd-questions@freebsd.org (FreeBSD questions) Cc: ellis@kcc.com Subject: Re: Set execution UID on script Message-ID: <199706110707.JAA00215@CoDe.hu> In-Reply-To: <01BC75C2.A3B27CA0.ellis@kcc.com> from "Joshua J. Ellis" at "Jun 10, 97 05:20:47 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
>
> I'm missing something on a script I'm attempting to setup for an
> administration group. The script is this:
>
> #!/bin/sh
> kill -hup `cat /var/run/named.hup`
>
> I then do a "chown root:staff rs-named" followed by a "chmod 6750 rs-named".
> That gives me an set of permissions like this:
>
> -rwsr-s--- 1 root staff 46 Jun 10 16:56 rs-named
>
> Shouldn't this allow users of the 'staff' group to successfully execute this
> command? When I try to execute it as anyone but root, I get the following
> error:
>
> kill: 230: Operation not permitted
>
> 230 is the PID of named. If it is executing as root, why is kill refusing to
> send a message to the process?
Under most modern Unices (and FreeBSD, too) setuid or setgid doesn't work on
scripts. It's a security feature, not a bug. By the way, what's wrong with
ndc script, which is part of the operating system? (Well, it hasn't got
suid/sgid, of course.)
# ndc reload
If you have to run it suid/sgid, write a little C program (well, you can do
it with perl sperl, but it would be better - I think - in C).
Gabor
--
#!/bin/ksh
Z='21N16I25C25E30, 40M30E33E25T15U!' ;IFS=' ABCDEFGHIJKLMNOPQRSTUVWXYZ ';set $Z;for i { [[ $i = ? ]]&&print $i&&break;[[ $i = ??? ]]&&j=$i&&i=${i%?};typeset -i40 i=8#$i;print -n ${i#???};[[ "$j" = ??? ]]&&print -n "${j#??} "&&j=;typeset +i i;};IFS=' 0123456789 ';set $Z;X=;for i { [[ $i = , ]]&&i=2;[[ $i = ?? ]]||typeset -l i;X="$X $i";typeset +l i;};print "$X"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199706110707.JAA00215>