Date: Wed, 4 Aug 2004 09:09:25 -0400
From: Bill Moran <wmoran@potentialtech.com>
To: Paredes Sánchez Martín A. <mparedes@telmex.com>
Cc: FreeBSD-Questions@FreeBSD.org
Subject: Re: The set-user-ID-on-execution
Message-ID: <20040804090925.0868e1e3.wmoran@potentialtech.com>
In-Reply-To: <E3F56D7842656F4484C5668BC4D7F298042C18@is~tmxmailhmo1.intranet.telmex.com>
References: <E3F56D7842656F4484C5668BC4D7F298042C18@is~tmxmailhmo1.intranet.telmex.com>
Paredes Sánchez Martín A. <mparedes@telmex.com> wrote:
>
> Hi:
>
> I made a script (for tcsh shell) which adds a printer to the system
> (made directories, files, security and made some validations) but
> need root access to accomplish this task.
>
> my solution was to setuid the scripts being root
>
> # chown root:admin-hmo *.tcsh
> # chmod u=swrx,g=rx,o= *.tcsh
> # ls -l
> total 4
> -rwsr-x--- 1 root admin-hmo 2024 Aug 3 04:07 impresora.tcsh
> -rwsr-x--- 1 root admin-hmo 275 Jul 30 02:26 seguridad.tcsh
>
> The first line of the script is #!/bin/tcsh -fb
>
> But when I run the script being other user I had a problem with
> the permissions
>
> > impresora.tcsh oc81p8707 p1ct203 psct203 raw
> mkdir: /var/spool/lpd/oc81p8707: Permission denied
> touch: /var/spool/lpd/oc81p8707/filter-errors: No such file or directory
> touch: /var/spool/lpd/oc81p8707/accounting-file: No such file or directory
> /var/spool/lpd/oc81p8707/minfree: No such file or directory.
>
> did I miss something?

Yes. Scripts can't utilize setuid/setgid.

You can rewrite the script in perl and use the setuid perl interpreter
(which is basically a workaround for this) or install sudo and give the
script the ability to call sudo before executing commands that require
elevated privileges.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
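An added example, not part of the original message: a small sh audit that lists files carrying the setuid or setgid bit that are really `#!` scripts, the case the reply says does not work. The function names `is_script` and `find_suid_scripts` are this example's own, and the directory to scan is passed as the first argument.

```shell
#!/bin/sh
# Added example: find setuid/setgid files that are interpreter scripts.
# As the reply above says, scripts cannot make use of setuid/setgid, so
# every hit is a script that will still run with the caller's privileges
# (and whose mode bits give a false picture of what it can do).

# is_script FILE -> exit status 0 if FILE begins with "#!"
is_script() {
    # tr drops NUL bytes so binary files do not upset the shell
    [ "$(head -c 2 "$1" 2>/dev/null | tr -d '\000')" = '#!' ]
}

# find_suid_scripts DIR -> one line per hit: path<TAB>interpreter line
find_suid_scripts() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        if is_script "$f"; then
            printf '%s\t%s\n' "$f" "$(head -n 1 "$f")"
        fi
    done
}

# Stand-alone use: ./audit.sh /usr/local/bin
if [ "$#" -gt 0 ]; then
    find_suid_scripts "$1"
fi
```

Each path it reports is a candidate for the sudo approach the reply suggests: clear the bit with `chmod u-s,g-s` and grant the specific command through sudoers instead.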
