chmod +s ?

chmod +s ?

Post by Cesar Hernand » Fri, 18 Feb 2000 04:00:00



Does anyone know how to allow a user to execute a shellscript as root?

For example:

Let's have a file

chillida:/export/home/cesar>ls -al pp
-rw-------   1 root     other         11 Feb 17 10:35 pp

chillida:/export/home/cesar>ls -al kk
-rwsrwsrwx   1 cesar    other          8 Feb 17 10:35 kk

$ cat kk
more pp

Then, why cesar:other is not allow to execute kk ?

$ ./kk
pp: Permission denied

Cesar

 
 
 

chmod +s ?

Post by Martin Hepwort » Fri, 18 Feb 2000 04:00:00



> Does anyone know how to allow a user to execute a shellscript as root?

> For example:

> Let's have a file

> chillida:/export/home/cesar>ls -al pp
> -rw-------   1 root     other         11 Feb 17 10:35 pp

> chillida:/export/home/cesar>ls -al kk
> -rwsrwsrwx   1 cesar    other          8 Feb 17 10:35 kk

> $ cat kk
> more pp

> Then, why cesar:other is not allow to execute kk ?

> $ ./kk
> pp: Permission denied

> Cesar

Cesar
the 's' bit means set UID of the program to the programs owner, rather
then the user who is running the program.

if you 'chown root kk; chmod u+s kk' as root

then run the program as cesar it should work.

Martin

 
 
 

chmod +s ?

Post by Kevin Mile » Fri, 18 Feb 2000 04:00:00


Quote:> Cesar
> the 's' bit means set UID of the program to the programs owner, rather
> then the user who is running the program.

> if you 'chown root kk; chmod u+s kk' as root

> then run the program as cesar it should work.

> Martin

remove the world-writability though or your system could be hackable.

--
Kevin Miles

 
 
 

chmod +s ?

Post by Cesar Hernand » Fri, 18 Feb 2000 04:00:00


Martin, got it!

#!/usr/bin/ksh in kk file


> Does anyone know how to allow a user to execute a shellscript as root?

> For example:

> Let's have a file

> chillida:/export/home/cesar>ls -al pp
> -rw-------   1 root     other         11 Feb 17 10:35 pp

> chillida:/export/home/cesar>ls -al kk
> -rwsrwsrwx   1 cesar    other          8 Feb 17 10:35 kk

> $ cat kk
> more pp

> Then, why cesar:other is not allow to execute kk ?

> $ ./kk
> pp: Permission denied

> Cesar

 
 
 

chmod +s ?

Post by Tony Walto » Fri, 18 Feb 2000 04:00:00



> > Cesar
> > the 's' bit means set UID of the program to the programs owner, rather
> > then the user who is running the program.

> > if you 'chown root kk; chmod u+s kk' as root

> > then run the program as cesar it should work.

> > Martin

> remove the world-writability though or your system could be hackable.

Then add

#!/bin/sh -p

as the first line, and you're there.  (Bourne shell needs this to turn
set[ug]id-ness on; csh would require #!/bin/csh -b instead, Korn shell
doesn't need either).

--
Tony

This posting is my own opinion and does not constitute official support
from Sun Microsystems

 
 
 

chmod +s ?

Post by Casper H.S. Dik - Network Security Engine » Fri, 18 Feb 2000 04:00:00


[[ PLEASE DON'T SEND ME EMAIL COPIES OF POSTINGS ]]


>chillida:/export/home/cesar>ls -al kk
>-rwsrwsrwx   1 cesar    other          8 Feb 17 10:35 kk
>$ cat kk
>more pp

The "kk" script is not a proper executable; it doesnt' get executed
by the kernel, rather, your shell will fire off "/bin/sh -c 'pp'"; the
bits will be ignored./

Casper

--
Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.

 
 
 

chmod +s ?

Post by Casper H.S. Dik - Network Security Engine » Fri, 18 Feb 2000 04:00:00


[[ PLEASE DON'T SEND ME EMAIL COPIES OF POSTINGS ]]


>chillida:/export/home/cesar>ls -al kk
>-rwsrwsrwx   1 cesar    other          8 Feb 17 10:35 kk
>$ cat kk
>more pp

The "kk" script is not a proper executable; it doesnt' get executed
by the kernel, rather, your shell will fire off "/bin/sh -c 'pp'"; the
bits will be ignored./

Casper

--
Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.