From: Alejandro Imass
To: Jerry McAllister
Cc: Chris Telting, freebsd-questions@freebsd.org
Date: Wed, 11 May 2011 12:31:42 -0400
Subject: Re: Established method to enable suid scripts?

On Wed, May 11, 2011 at 10:14 AM, Jerry McAllister wrote:
> On Tue, May 10, 2011 at 05:54:04PM -0700, Chris Telting wrote:
>
>> I've googled for over an hour.

As others have said, suiding scripts is not allowed in modern versions of Unix. What I do, for example, is create small C programs, suid them, and use those special suid execs to do special stuff.

For example, if I need to erase some files created by the mysql daemon process, I will create a C exec called suidrm and have it suid to the mysql owner so I can remove the temp files from an Apache CGI, for example. Any suid exec should be carefully evaluated and meant for one specific thing, and avoid suiding to root if at all possible. If you must, you can copy the exec with a different name and suid it for a specific purpose with a specific user, preferably not root. Anyway, with the simple C program wrapper approach I have solved many things like what you're trying to do.

Best,

--
Alejandro Imass
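Added example, not code from the thread or from Alejandro: a minimal suidrm-style helper of the kind described above, showing the checks a narrow setuid wrapper needs so the calling CGI can only remove what it is meant to remove. The directory /var/tmp/mysql, the file-name prefix mysql-tmp-, the install path and the mysql:www ownership are all assumptions for the illustration, not details from the post.

```c
/* suidrm.c: a deliberately narrow setuid helper (added example, not from the thread).
 * Assumed deployment, not taken from the original post:
 *   cc -O2 -Wall -o /usr/local/libexec/suidrm suidrm.c
 *   chown mysql:www /usr/local/libexec/suidrm
 *   chmod 4750 /usr/local/libexec/suidrm     # setuid mysql, executable only by group www
 * The CGI (running as www) invokes:  suidrm mysql-tmp-1234
 * and the helper removes exactly /var/tmp/mysql/mysql-tmp-1234, nothing else.
 */
#define _XOPEN_SOURCE 700
#define _DEFAULT_SOURCE
#include <ctype.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

#define TMP_DIR      "/var/tmp/mysql"   /* assumed location of the daemon's temp files */
#define NAME_PREFIX  "mysql-tmp-"       /* assumed naming scheme of those files */
#define NAME_MAX_LEN 64

/* Accept only a bare file name: the fixed prefix followed by [A-Za-z0-9._-].
 * No '/' means no path traversal; the length bound keeps buffers predictable.
 * Returns 1 if the name is acceptable, 0 otherwise. */
int name_is_allowed(const char *name)
{
    size_t n = strlen(name), plen = strlen(NAME_PREFIX);
    if (n <= plen || n > NAME_MAX_LEN) return 0;
    if (strncmp(name, NAME_PREFIX, plen) != 0) return 0;
    for (size_t i = plen; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-')) return 0;
    }
    return 1;
}

/* Remove dir/name, but only if the name passes the allowlist and the entry is a
 * regular file: symlinks, directories and device nodes are refused. The directory
 * is opened first (no symlink following) and unlinkat() is used relative to it, so
 * a swapped-out TMP_DIR cannot redirect the unlink. Returns 0 on success, -1 on
 * refusal or error. */
int remove_temp_file(const char *dir, const char *name)
{
    if (!name_is_allowed(name)) return -1;

    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0) return -1;

    struct stat st;
    int rc = -1;
    if (fstatat(dfd, name, &st, AT_SYMLINK_NOFOLLOW) == 0 && S_ISREG(st.st_mode))
        rc = unlinkat(dfd, name, 0);
    close(dfd);
    return rc;
}

/* Exercises the helper in a scratch directory instead of TMP_DIR so it can run as an
 * ordinary user without the setuid bit. Returns 1 if every check passed, 0 otherwise. */
int demo_in_scratch_dir(void)
{
    char dir[] = "/tmp/suidrm-demo-XXXXXX";          /* constructed scratch directory */
    if (mkdtemp(dir) == NULL) return 0;

    char path[256], link[256];
    snprintf(path, sizeof path, "%s/%s", dir, "mysql-tmp-1234");
    snprintf(link, sizeof link, "%s/%s", dir, "mysql-tmp-link");
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) { rmdir(dir); return 0; }
    close(fd);

    int ok = 1;
    /* traversal attempts and names outside the scheme are refused before any unlink */
    ok &= remove_temp_file(dir, "../etc/passwd") == -1;
    ok &= remove_temp_file(dir, "mysql-tmp-1234/../../passwd") == -1;
    ok &= remove_temp_file(dir, "other-1234") == -1;
    ok &= access(path, F_OK) == 0;                     /* the real file is still there */

    /* a symlink planted with a valid-looking name is not a regular file: refused */
    if (symlink("/nonexistent/target", link) == 0) {
        ok &= remove_temp_file(dir, "mysql-tmp-link") == -1;
        ok &= lstat(link, (struct stat[]){{0}}) == 0;  /* link untouched */
    }

    /* the genuine temp file is removed */
    ok &= remove_temp_file(dir, "mysql-tmp-1234") == 0;
    ok &= access(path, F_OK) != 0;

    unlink(link); unlink(path); rmdir(dir);
    return ok;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: suidrm <%sNAME>\n", NAME_PREFIX); return 2; }
    /* A setuid program must not trust its caller: everything hinges on the checks above. */
    if (remove_temp_file(TMP_DIR, argv[1]) != 0) {
        fprintf(stderr, "suidrm: refused or failed: %s\n", argv[1]);
        return 1;
    }
    return 0;
}
```

The design follows the advice in the post: one binary, one action, one fixed directory, setuid to the file owner rather than to root, and executable only by the group that actually needs it. The allowlist on the argument, the O_NOFOLLOW directory open and the regular-file check are what keep a compromised CGI from turning the helper into a general-purpose unlink-as-mysql.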