su problem

su problem

Post by Miguel Demaere » Sat, 14 Apr 2001 23:06:34



Hoi

Can someone help me with this one.

I have created an script called menu.ksh. The owner is root
The  permissions of menu.ksh are
rwsr-xr-x root other menu.ksh

In the menu.ksh I do a su to daa.
su - daa -c "dss start"

When I executed this with root no problem.
dss is started without any problems.

When I executed this with the operator account , it ask the password of
daa.

I thought with the rws bit enabled I won't need the password of daa.

Thanks in advance.

Greetings Miguel

 
 
 

su problem

Post by Kordian Wit » Sun, 15 Apr 2001 01:27:39



> I thought with the rws bit enabled I won't need the password of daa.

Because of basic security concerns, most modern systems' kernels will
not allow shell scripts to be run set-uid to root.

Your best bet is to either:
* create a wrapper C program with a single "system("/path/script");"
  command which is then set set-uid root
* use suid-perl (comes with most packaged perl distributions) - with
  that, ordinary users can run perl scripts set-uid root

HTH,
kordian witek
--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."   -- Mark Twain


Change "spam" to "kw97" when replying via e-mail.
-------

 
 
 

su problem

Post by Ari Makel » Sun, 15 Apr 2001 03:15:18



> * create a wrapper C program with a single "system("/path/script");"
>   command which is then set set-uid root

This is an art form. Those who need to ask shouldn't do it.

--

use strict; print "Just Another Perl Hacker\n";    http://www.iki.fi/hauva/ #

"Father, I have done questionable things." - Roy

 
 
 

su problem

Post by Bart » Sun, 15 Apr 2001 16:47:15


A little bit patronising?



> This is an art form. Those who need to ask shouldn't do it.

 
 
 

su problem

Post by Ari Makel » Sun, 15 Apr 2001 18:01:30



> A little bit patronising?

I'm famous for not being a nice guy.

root SUID programs are dangerous and they shouldn't be written
lightheartedly. It's just not "let's call this shell script by
system() function".

If someone wants to do it and has never done it before he should
consult Garfinkel's and Spafford's Practical Unix & Internet Security
or similar book.

--

use strict; print "Just Another Perl Hacker\n";    http://www.iki.fi/hauva/ #

"Father, I have done questionable things." - Roy

 
 
 

1. su problem -- su: Unknown id: root

On a SS20 running Solaris 2.5 I am not able to su to root.
When I try it I get:

$ su -
su: Unknown id: root
$

I've checked everything I can think of but can not find the cause.
Does anyone have a fix for this?

Steve Haran

2. unable to build ghemical in slackware

3. su problems: libc or su?

4. Talk - error in recv ?

5. su problem: su: cannot set groups: Operation not permitted

6. Man Pages Problem

7. odd su problem

8. Printing to Multiple printers - HP JetDirect external server and SCO 5.0.2

9. Help, Switch User (su) problem.

10. Slackware 3.0 su problem

11. su problems

12. su problems since I installed networking

13. su problem with RedHat 7.1