Date:      Mon, 4 Aug 1997 13:25:57 -0600 (MDT)
From:      FreeBSD Mailing List <freebsd@atipa.com>
To:        "Jonathan A. Zdziarski" <jonz@netrail.net>
Cc:        ports@freebsd.org, security@freebsd.org
Subject:   Re: SetUID
Message-ID:  <Pine.BSF.3.91.970804131806.8529A-100000@dot.ishiboo.com>
In-Reply-To: <Pine.BSF.3.95q.970804101114.16615D-100000@netrail.net>


Jonathan,

As far as I know, shell scripts cannot be setuid root. You would need 
to setuid root all the binaries invoked from the shell, which is not a 
great idea.

You could instead write a setuid "wrapper" of some sort that runs a 
shell script (or set of scripts), using C, C++, etc. 
 
Kevin

On Mon, 4 Aug 1997, Jonathan A. Zdziarski wrote:

> Not sure if this is the right forum for this but...
> 
> I recently, in an attempt to make my FreeBSD a little more System V-ish
> like I'm used to, created a set of /sbin/init.d scripts to start and stop
> services, and wired this and rc3.d into /etc/rc.  It works fine, but then
> I took it a step further, and made them noc-executable, and noc-setuid root
> so that anybody in the noc could restart them without having to be in sudo
> for it.  For some odd reason (and this may just be a FreeBSD thing that
> I'm not used to), I get the error that the script doesn't have permission
> to kill the current running process (most of which are running as root) even
> though it's setuid (I've tried setuid and setgid as well).  Now I'm used
> to setuid programs running AS root - having basically superuser abilities,
> but that appears to be different here.  Could someone explain to me how to
> set up a setuid program that acts like it's a real setuid program (su) to
> do something like this?
> 
> 
> -------------------------------------------------------------------------
> Jonathan A. Zdziarski                                NetRail Incorporated
> Server Engineering Manager                    230 Peachtree St. Suite 500
> jonz@netrail.net                                        Atlanta, GA 30303
> http://www.netrail.net                                    (888) - NETRAIL
> ------------------------------------------------------------------------- 
> 
> 
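
A sketch of the setuid wrapper suggested in the reply above, added here as an example and not part of the original thread. The service names and the wrapper name "svcwrap" are hypothetical; the /sbin/init.d directory is the one from the quoted question.

```c
/* Added example: setuid-root wrapper for the /sbin/init.d scripts.
 * Service names and the wrapper name "svcwrap" are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

static const char *const services[] = { "named", "sendmail", "httpd", NULL };
static const char *const actions[]  = { "start", "stop", NULL };

/* Return the allowlist entry equal to s, or NULL. */
static const char *match(const char *s, const char *const *list)
{
    for (; s && *list; list++)
        if (strcmp(s, *list) == 0)
            return *list;
    return NULL;
}

/* Build the script path from the allowlist entry, not the caller's string.
 * Returns the allowlisted action, or NULL if either argument is rejected. */
const char *resolve(const char *svc, const char *act, char *out, size_t len)
{
    const char *s = match(svc, services), *a = match(act, actions);
    if (!s || !a)
        return NULL;
    int n = snprintf(out, len, "/sbin/init.d/%s", s);
    return (n > 0 && (size_t)n < len) ? a : NULL;
}

int main(int argc, char *argv[])
{
    char path[64];
    /* Fixed environment: nothing (PATH, IFS, ENV, LD_*) is inherited. */
    char *const envp[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL };
    const char *act = argc == 3 ? resolve(argv[1], argv[2], path, sizeof path) : NULL;

    if (!act) {
        fprintf(stderr, "usage: svcwrap <service> <start|stop>\n");
        return 1;
    }
    /* Set real ids to the effective ones: some shells (bash) drop the
     * effective uid when it differs from the real uid. */
    if (setgid(getegid()) != 0 || setuid(geteuid()) != 0)
        return 1;
    char *const args[] = { "/bin/sh", path, (char *)act, NULL };
    execve("/bin/sh", args, envp);
    perror("execve");
    return 1;
}
```

This assumes the binary is installed owned by root with group noc and mode 4750, and that the scripts and their directory are writable only by root.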


