|>
|> I've written a shell script to format magnetooptical disks. It can be
|> performed by root without problems, but I want to start it as a normal user
|> from a program. My program has ownwer root and the sticky bit set for
|> owner and group. After activating the shell script (it has owner root and S-Bits set for owner and group too) by my program I get the error message 'Permission
|> denied'.
This is a security feature. The OS won't let you run a script SETUID root,
because if it did it would give instant root access to anyone that found
it and knew the hole.
Instead make a simple wrapper that will run it:
#include <stdlib.h>
#include <unistd.h>
main()
{
putenv("IFS= \t\n");
putenv("PATH=");
execl("/the/name/of/your/script","scriptname","first arg",...,NULL);
Quote:}
Make this setuid root and you'll have what you want, and security to boot:)
Make sure you set the path appropriately. Your script should not rely on
the path, but explicitely access stuff. That way the PATH can be NULL as
shown. If you need to you can explicitly set the PATH in the script. Just
make sure that . is not in the path.
Patrick
--
_______________________________________________________________________
/ These opinions are mine, and not Amdahl's (except by coincidence;). \
| (\ |
| Patrick J. Horgan Amdahl Corporation \\ Have |
| Phone : (408)992-2779 P.O. Box 3470 M/S 316 \\/ Will |
| FAX : (408)773-0833 Sunnyvale, CA 94088-3470 _/\\ Travel |
\___________________________O16-2294________________________\)__________/
by