From: Freminlins
To: tim@tjstephens.com, freebsd-questions@freebsd.org
Date: Mon, 11 Apr 2005 15:11:18 +0100
Subject: Re: set-uid bit: where am I going wrong?
In-Reply-To: <20050411135117.GA5816@tjstephens.com>
References: <20050411135117.GA5816@tjstephens.com>

On Apr 11, 2005 2:51 PM, Tim Stephens wrote:

> Clearly the file is owned by root, and I kept it as part of my group. I've read the man pages, and believe that when I call the script, it will assume root's permissions.
> It doesn't, so where am I going wrong?

FreeBSD does not support setuid scripts. They are inherently insecure. You have some options though to your problem. You could run the script directly as root, which is what you are trying to do. Or you could write a wrapper round your script, which may seem like overkill.

Given that you trust your script enough to try to run it setuid, I would go for the first option. Make sure the script cannot be altered by anyone other than root, then run it as root.

> Thanks,
> Tim

Frem.
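
The wrapper option mentioned in the reply, as an added example that is not part of the original message: a small C program, installed setuid root, that runs one fixed script only after checking that nobody but root can alter it. The script path and the helper name `mode_is_safe` are assumptions made for the illustration.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical path: the one script this wrapper is allowed to run. */
#define SCRIPT "/usr/local/libexec/myscript.sh"

/* Return 1 only for a regular file owned by root that neither
 * group nor other may write to; 0 for anything else. */
int mode_is_safe(uid_t owner, mode_t mode)
{
    if (owner != 0)
        return 0;
    if (!S_ISREG(mode))                  /* rejects symlinks, directories, devices */
        return 0;
    if (mode & (S_IWGRP | S_IWOTH))
        return 0;
    return 1;
}

int main(void)
{
    struct stat st;
    /* Fixed environment and arguments: nothing is taken from the caller. */
    char *const envp[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL };
    char *const argv[] = { "/bin/sh", SCRIPT, NULL };

    /* lstat() so a symlink is judged as a symlink and refused.
     * Assumes every directory leading to SCRIPT is also writable by
     * root only; otherwise the file could be swapped after this check. */
    if (lstat(SCRIPT, &st) != 0 || !mode_is_safe(st.st_uid, st.st_mode)) {
        fprintf(stderr, "refusing to run %s: must be a root-owned file "
                "with no group/other write permission\n", SCRIPT);
        return 1;
    }
    /* The binary is setuid root, so the effective uid is already 0;
     * set the real uid too so the shell sees one consistent identity. */
    if (setuid(0) != 0) {
        perror("setuid");
        return 1;
    }
    execve("/bin/sh", argv, envp);
    perror("execve");                    /* reached only if exec failed */
    return 1;
}
```

The compiled wrapper itself has to be owned by root with mode 4755 (or 4750 with a trusted group) for the setuid bit to take effect.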