From owner-freebsd-security Mon Aug 4 23:44:39 1997
Return-Path:
Received: (from root@localhost)
    by hub.freebsd.org (8.8.5/8.8.5) id XAA24153
    for security-outgoing; Mon, 4 Aug 1997 23:44:39 -0700 (PDT)
Received: from radford.i-plus.net (root@Radford.i-Plus.net [206.99.237.6])
    by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id XAA24141
    for ; Mon, 4 Aug 1997 23:44:35 -0700 (PDT)
Received: from totally.fuckin.nutty.net (insane@totally.nutty.net [206.99.237.44])
    by radford.i-plus.net (8.8.6/8.8.5) with SMTP id CAA19412
    for ; Tue, 5 Aug 1997 02:42:59 -0400 (EDT)
Message-Id: <199708050642.CAA19412@radford.i-plus.net>
X-Mailer: Microsoft Outlook Express 4.71.0544.0
From: "Troy Settle"
To:
Subject: Re: SetUID
Date: Tue, 5 Aug 1997 02:47:35 -0400
X-Priority: 3
X-MSMail-Priority: Normal
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOle: Produced By Microsoft MimeOLE Engine V4.71.0544.0
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Ok, this SetUID thread has brought a question to mind.

I'm the sysadmin for a small ISP, and have created a perl script for user management. The script is basically a menu with options to create/delete/disable/enable accounts and change passwords. I've got safeguards in place that will only allow user accounts to be modified.

In my script, I'm using:

- hacked up code from /usr/bin/adduser to create accounts
- a call to /usr/sbin/pw to disable and delete accounts
- a call to /usr/bin/passwd to change user passwords and re-enable accounts

My staff is allowed to run this script using the sudo utility, and all seems to work well. The script itself is owned by root, and has 0500 for permissions, and is using /usr/local/bin/perl (perl 5.003) as the interpreter.

Is this safe? Is there anything I should watch out for?

Any comments/suggestions are welcome. I'm willing to share my script if anyone is willing to suffer through poor coding :^)

Troy Settle
Network Administrator, iPlus Internet Services
http://www.i-Plus.net
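
The message above describes a root-run Perl menu whose safeguard limits changes to user accounts. One way such a check could look, as an added example that is not Troy Settle's script: the UID floor of 1000, the login-name pattern, the action names and the file name acctguard.pl are assumptions, and it targets a current Perl 5 running in taint mode.

```perl
#!/usr/local/bin/perl -T
# Added example, not the poster's script. Run as: perl -T acctguard.pl lock alice
use strict;
use warnings;

# Assumption: staff-managed customer accounts have UID >= 1000; anything
# lower (root, daemon, operator, ...) is a system account and off limits.
my $MIN_UID = 1000;

# Actions staff may request, mapped to fixed /usr/sbin/pw subcommands.
my %PW_ACTION = (lock => ['lock'], delete => ['userdel', '-n']);

# Taint mode refuses to run commands with an inherited environment, so pin it.
$ENV{PATH} = '/usr/sbin:/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Return the validated (untainted) login name, or undef if the input is
# malformed, unknown, or names an account below $MIN_UID.
sub managed_user {
    my ($input) = @_;
    return undef unless defined $input;
    my ($name) = $input =~ /\A([a-z][a-z0-9_-]{0,15})\z/ or return undef;
    my @pw = getpwnam($name) or return undef;
    return undef if $pw[2] < $MIN_UID;
    return $name;
}

# Build the argument list for pw; returns an empty list when refused.
sub pw_command {
    my ($action, $input) = @_;
    my $sub  = $PW_ACTION{ defined $action ? $action : '' } or return;
    my $name = managed_user($input) or return;
    return ('/usr/sbin/pw', @$sub, $name);
}

my ($action, $target, $mode) = @ARGV;
my @cmd = pw_command($action, $target);
die "refused: unknown action or not a managed user account\n" unless @cmd;

if (defined $mode && $mode eq '--run') {
    # List-form system() never passes the arguments through a shell.
    system(@cmd) == 0 or die "pw failed: $?\n";
} else {
    print "would run: @cmd\n";    # dry run by default
}
```

Without `--run` as the third argument the script only prints the command it would execute, so the checks can be exercised as an ordinary user.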