From: Chris Telting
To: Devin Teske
Cc: freebsd-questions@freebsd.org
Date: Tue, 10 May 2011 22:13:10 -0700
Subject: Re: Established method to enable suid scripts?
Message-ID: <4DCA1AE6.8050209@telting.org>
References: <4DC9DE2C.6070605@telting.org>

On 05/10/2011 19:19, Devin Teske wrote:
> On May 10, 2011, at 5:54 PM, Chris Telting wrote:
>
>> I've googled for over an hour.
>>
>> I'm not looking to get into a discussion on security or previous bugs that are currently fixed. Suid in and of itself is a security issue. But if you are using suid it should work; I don't want to use a kludge and I don't want to use sudo. I'm hoping it's a setting that is just disabled by default.
>
> The reason that the suid bit doesn't work on scripts (shell, perl, or otherwise) is because these are essentially text files that are interpreted by their associated interpreter. It is the interpreter itself that must be suid.
>
> In other words, you'd have to do this (*WARNING* highly inadvisable -- even for the OP):
>
>     sudo chmod u+s /bin/sh
>
> before you could have a shell script such as this:
>
>     #!/bin/sh
>     : anything
>
> run as the suid user (the owner of /bin/sh -- usually root).

I thought of that. Seemed like I read that historically Unix ran the #! command as the suid when it executed the file. Did FreeBSD delete that functionality? (Otherwise how did suid scripts get the bad reputation if they could never execute suid.)

I'm not exactly clear where the execute function is. I'm guessing that it's not the shell doing the #! interpretation but rather the execute function of the operating system.

Either way thanks for the feedback.
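
As an added example (not part of the original message, and not FreeBSD's own code), the following Python audit reports the two configurations discussed in this thread: a setuid bit set on a `#!` script, which the reply above says has no effect, and a script whose interpreter is itself setuid, the setup the reply warns against. The function names, finding labels and the 256-byte read limit are assumptions of this example.

```python
import os
import stat
import sys

def parse_shebang(head):
    """Return the interpreter path from a '#!' first line, or None."""
    if not head.startswith(b"#!"):
        return None
    fields = head[2:].split(b"\n", 1)[0].split()
    return fields[0].decode("utf-8", "replace") if fields else None

def classify(mode, head, interp_mode=None):
    """Findings for one file, given its st_mode, first bytes and interpreter st_mode."""
    if parse_shebang(head) is None or not stat.S_ISREG(mode):
        return []  # not a script: out of scope for this audit
    findings = []
    if mode & stat.S_ISUID:  # bit set on the text file itself
        findings.append("setuid-bit-on-script")
    if interp_mode is not None and interp_mode & stat.S_ISUID:
        findings.append("setuid-interpreter")  # e.g. after chmod u+s /bin/sh
    return findings

def audit_tree(root):
    """Walk root and return {path: findings} for every script with findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
                if not stat.S_ISREG(st.st_mode):
                    continue
                with open(path, "rb") as fh:
                    head = fh.read(256)
            except OSError:
                continue  # unreadable file: skip it
            interp = parse_shebang(head)
            try:
                interp_mode = os.stat(interp).st_mode if interp else None
            except OSError:
                interp_mode = None  # interpreter path does not exist
            found = classify(st.st_mode, head, interp_mode)
            if found:
                report[path] = found
    return report

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, found in sorted(audit_tree(root).items()):
        print(path, ",".join(found))
```
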