script setuid


Post by Eric Wag » Sun, 03 Jun 2001 16:07:55



I'd like to setuid on a script that runs at boot time.

The system is running Solaris 8 (fully patched.)

The user I'd like to have it run as has a shell of /dev/null.  I have
tried adding
SU=/bin/su - <username> -c
SU=/bin/su - <username> -c "command to be run"
SU=/bin/su <username> -c
SU=/bin/su <username> -c "command to be run"
to the script.

Whenever the process is started/running, it will always come up as
root.  My only guess is that the home dir is /dev/null.  If this is
the case, what are my options?  (Change the shell, don't set it
setuid, etc?)

thanks
eric

 
 
 


Post by Eric Wag » Wed, 06 Jun 2001 02:27:06


I ended up doing a 4744 on the script, and changing the ownership of
files within the directories it was reading.

This worked like a charm.

eric



>#   I'd like to setuid on a script that runs at boot time.
>#  
>#   The system is running Solaris 8 (fully patched.)
>#  
>#   The user I'd like to have it run as has a shell of /dev/null.  I have
>#   tried adding
>#   SU=/bin/su - <username> -c
>#   SU=/bin/su - <username> -c "command to be run"
>#   SU=/bin/su <username> -c
>#   SU=/bin/su <username> -c "command to be run"
>#   to the script.
>#  
>#   Whenever the process is started/running, it will always come up as
>#   root.  My only guess is that the home dir is /dev/null.  If this is
>#   the case, what are my options?  (Change the shell, don't set it
>#   setuid, etc?)

>GAK. You could try /bin/false instead of /dev/null.

>But why not use a built-in tool designed for this need?

>The RBAC white paper:

>    http://www.sun.com/software/whitepapers/wp-rbac/wp-rbac.pdf


 
 
 


Post by Barry Margoli » Wed, 06 Jun 2001 02:52:59




>I'd like to setuid on a script that runs at boot time.

>The system is running Solaris 8 (fully patched.)

>The user I'd like to have it run as has a shell of /dev/null.  I have
>tried adding
>SU=/bin/su - <username> -c
>SU=/bin/su - <username> -c "command to be run"
>SU=/bin/su <username> -c
>SU=/bin/su <username> -c "command to be run"
>to the script.

What's that "SU=" stuff at the beginning of each line?

>Whenever the process is started/running, it will always come up as
>root.  My only guess is that the home dir is /dev/null.  If this is

The problem isn't the home dir, it's the shell.  From the su(1) man page:

     The new shell will be  the
     shell  specified  in  the shell field of username's password
     file entry (see  passwd(4)).

>the case, what are my options?  (Change the shell, don't set it
>setuid, etc?)

--

Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
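
The su(1) behaviour quoted in the reply above can be checked before a service account is wired into a boot script. This is an added example, not code from the thread: the function names, verdict strings, sample entries and the list of command-refusing shells are assumptions.

```shell
#!/bin/sh
# Added example: what would su(1) try to start for this account?
# Usage: su_shell_check <passwd-format file> <username>
# Prints a verdict; returns 0 only if the shell field names an executable program.

# Print field 7 (shell) of the user's passwd(4) entry; fail if no entry.
passwd_shell() {
    awk -F: -v u="$2" '$1 == u { print $7; found = 1; exit }
                       END { exit(found ? 0 : 1) }' "$1"
}

su_shell_check() {
    shell=$(passwd_shell "$1" "$2") || { echo "no-such-user"; return 2; }
    # Assumption: an empty shell field means the system default shell.
    [ -n "$shell" ] || shell=/bin/sh
    case "$shell" in
        # Assumed list of programs that exit without running "-c cmd".
        /bin/false|/usr/bin/false|/sbin/nologin|/usr/sbin/nologin)
            echo "refuses-commands"; return 1 ;;
    esac
    # /dev/null fails here: it is a character device, not a program.
    [ -f "$shell" ] || { echo "not-a-program"; return 1; }
    [ -x "$shell" ] || { echo "not-executable"; return 1; }
    echo "ok"
}

# Constructed sample entries (not from the thread).
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' \
        'svc1:x:101:10::/export/svc1:/dev/null' \
        'svc2:x:102:10::/export/svc2:/bin/false' \
        'svc3:x:103:10::/export/svc3:/bin/sh' > "$f"
    for u in svc1 svc2 svc3 ghost; do
        printf '%s: %s\n' "$u" "$(su_shell_check "$f" "$u")"
    done
    rm -f "$f"
}
demo
```

Point the first argument at /etc/passwd to check a real account.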
 
 
 

1. Ksh scripts, setuid, and $0

Hi,

I'm on an Ultra Sparc running Solaris 2.x.

I have a ksh script that evaluates $0 to obtain
the relative path used to execute the script.

Normally (and on HPUX) this works fine.

BUT ... when I turn on the setuid bit (like chmod 6755)
the $0 argument becomes "/bin/ksh".  In fact, the relative
path of the script (previously in $0) is found in NONE of the
subsequent arguments.

Does anyone know why this is?  Is it a weird bug ... or some
nuance I don't quite understand.

Note ... on HPUX turning on setuid has no effect (ie, no problem).

Thanks in advance,

Chris
