From owner-freebsd-questions Wed Jun 11 04:19:46 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id EAA16947 for questions-outgoing; Wed, 11 Jun 1997 04:19:46 -0700 (PDT)
Received: from mail.EUnet.hu (www.eunet.hu [193.225.28.100]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id EAA16942 for ; Wed, 11 Jun 1997 04:19:33 -0700 (PDT)
Received: by mail.EUnet.hu, id NAA25243; Wed, 11 Jun 1997 13:19:15 +0200
Received: (from zgabor@localhost) by CoDe.hu (8.7.5/8.7.3) id JAA00215; Wed, 11 Jun 1997 09:07:19 +0200 (MET DST)
From: Zahemszky Gabor
Message-Id: <199706110707.JAA00215@CoDe.hu>
Subject: Re: Set execution UID on script
To: freebsd-questions@freebsd.org (FreeBSD questions)
Date: Wed, 11 Jun 1997 09:07:19 +0200 (MET DST)
Cc: ellis@kcc.com
In-Reply-To: <01BC75C2.A3B27CA0.ellis@kcc.com> from "Joshua J. Ellis" at "Jun 10, 97 05:20:47 pm"
X-Mailer: ELM [version 2.4ME+ PL11 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>
> I'm missing something on a script I'm attempting to set up for an
> administration group. The script is this:
>
> #!/bin/sh
> kill -hup `cat /var/run/named.hup`
>
> I then do a "chown root:staff rs-named" followed by a "chmod 6750 rs-named".
> That gives me a set of permissions like this:
>
> -rwsr-s--- 1 root staff 46 Jun 10 16:56 rs-named
>
> Shouldn't this allow users of the 'staff' group to successfully execute this
> command? When I try to execute it as anyone but root, I get the following
> error:
>
> kill: 230: Operation not permitted
>
> 230 is the PID of named. If it is executing as root, why is kill refusing to
> send a message to the process?

Under most modern Unices (and FreeBSD, too) setuid or setgid doesn't work on
scripts. It's a security feature, not a bug. By the way, what's wrong with the
ndc script, which is part of the operating system? (Well, it hasn't got
suid/sgid, of course.)

# ndc reload

If you have to run it suid/sgid, write a little C program (well, you can do
it with perl sperl, but it would be better - I think - in C).

Gabor
-- 
#!/bin/ksh
Z='21N16I25C25E30, 40M30E33E25T15U!' ;IFS=' ABCDEFGHIJKLMNOPQRSTUVWXYZ ';set $Z;for i { [[ $i = ? ]]&&print $i&&break;[[ $i = ??? ]]&&j=$i&&i=${i%?};typeset -i40 i=8#$i;print -n ${i#???};[[ "$j" = ??? ]]&&print -n "${j#??} "&&j=;typeset +i i;};IFS=' 0123456789 ';set $Z;X=;for i { [[ $i = , ]]&&i=2;[[ $i = ?? ]]||typeset -l i;X="$X $i";typeset +l i;};print "$X"