From owner-freebsd-questions@FreeBSD.ORG Wed May 11 02:19:32 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 32914106566C for ; Wed, 11 May 2011 02:19:32 +0000 (UTC) (envelope-from Devin.Teske@fisglobal.com) Received: from mx1.fisglobal.com (mx1.fisglobal.com [199.200.24.190]) by mx1.freebsd.org (Postfix) with ESMTP id F31518FC0A for ; Wed, 11 May 2011 02:19:31 +0000 (UTC) Received: from sbhfislrext01.fnfis.com ([192.168.249.167]) by SCSFISLTC01 (8.14.3/8.14.3) with ESMTP id p4B2JUX5007957; Tue, 10 May 2011 21:19:30 -0500 Received: from sbhfisltcgw02.FNFIS.COM (Not Verified[10.132.248.122]) by sbhfislrext01.fnfis.com with MailMarshal (v6, 5, 4, 7535) id ; Tue, 10 May 2011 21:19:31 -0500 Received: from SBHFISLTCGW07.FNFIS.COM ([10.132.248.135]) by sbhfisltcgw02.FNFIS.COM with Microsoft SMTPSVC(6.0.3790.4675); Tue, 10 May 2011 21:19:30 -0500 Received: from [10.0.0.102] ([10.132.254.136]) by SBHFISLTCGW07.FNFIS.COM over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675); Tue, 10 May 2011 21:19:30 -0500 Mime-Version: 1.0 (Apple Message framework v1084) Content-Type: text/plain; charset=us-ascii From: Devin Teske In-Reply-To: <4DC9DE2C.6070605@telting.org> Date: Tue, 10 May 2011 19:19:29 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: References: <4DC9DE2C.6070605@telting.org> To: Chris Telting X-Mailer: Apple Mail (2.1084) X-OriginalArrivalTime: 11 May 2011 02:19:30.0431 (UTC) FILETIME=[DC12A8F0:01CC0F81] Cc: freebsd-questions@freebsd.org Subject: Re: Established method to enable suid scripts? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 May 2011 02:19:32 -0000 On May 10, 2011, at 5:54 PM, Chris Telting wrote: > I've googled for over an hour. >=20 > I'm not looking to get into a discussion on security or previous bugs tha= t are currently fixed. Suid in and of itself is a security issue. But if = you are using suid it it should work; I don't want to use a kludge and I do= n't want to use sudo. I'm hoping it's a setting that is just disabled by d= efault. The reason that the suid bit doesn't work on scripts (shell, perl, or other= wise) is because these are essentially text files that are interpreted by t= heir associated interpreter. It is the interpreter itself that must be suid. In other words, you'd have to do this (*WARNING* highly inadvisable -- even= for the OP): sudo chmod u+s /bin/sh before you could have a shell script such as this: #!/bin/sh : anything run as the suid user (the owner of /bin/sh -- usually root). --=20 Devin _____________ The information contained in this message is proprietary and/or confidentia= l. If you are not the intended recipient, please: (i) delete the message an= d all copies; (ii) do not disclose, distribute or use the message in any ma= nner; and (iii) notify the sender immediately. In addition, please be aware= that any message addressed to our domain is subject to archiving and revie= w by persons other than the intended recipient. Thank you. _____________