Date: Tue, 5 Aug 1997 02:47:35 -0400 From: "Troy Settle" <rewt@i-Plus.net> To: <security@FreeBSD.ORG> Subject: Re: SetUID Message-ID: <199708050642.CAA19412@radford.i-plus.net>
next in thread | raw e-mail | index | archive | help
Ok, this SetUID thread has brought a question to mind. I'm the sysadmin for a small ISP, and have created a perl script for user management. The script is basically a menu with options to create/delete/di sable/enable accounts and change passwords. I've got safeguards in place that will only allow user accounts to be modified. In my script, I'm using: - hacked up code from /usr/bin/adduser to create accounts - a call to /usr/sbin/pw to disable and delete accounts - a call to /usr/bin/passwd to change user passwords and re-enable accounts My staff is allowed to run this script using the sudo utility, and all seems to work well. The script itself is owned by root, and has 0500 for permissions, and is using /usr/local/bin/perl (perl 5.003) as the interpreter. Is this safe? Is there anything I should watch out for? Any comments/suggestions are welcome. I'm willing to share my script if anyone is willing to suffer through poor coding :^) Troy Settle <st@i-Plus.net> Network Administrator, iPlus Internet Services http://www.i-Plus.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199708050642.CAA19412>