Ok here's the situation. Let's say I have a small bash script that does the following:
mkdir /test/hello
chown joe /test/hello
The "test" directory is owned by root/root and is chmod'd 755.
And as root I chmod this script with 4755 (to run as root).
I then log in with a non-root account and try to execute it. When it runs I get access denied. It's my understanding that if a script is marked as run-as-root, every command run from within it will run with root permissions. Why does it not work?
"It's my understanding that if a script is marked as run-as-root, every command run from within it will run with root permissions."
I don't think so. Try running the script as su and see what happens. Also try running the mkdir and chown commands as user, then as su. I think that they will work as su but not as user.
I have posted a very similar question in the Red Hat forum
"Can't extract expiry days from shadow"
but no replies as yet
If the user su'd to root then most definitely the commands & script run.
Problem is the user does not have access to the root password.
If the user su'd to themselves then no permissions.
My grasp of run-as-root was the same as Phil's.
How does passwd
-r-s--x--x 1 root root 15104 Mar 14 2002 /usr/bin/passwd
when run by a lowly user get access to protected root permission files?
"Sorry I don't understand just what you mean Steve."
Your experiment was what I was looking for. I meant for Phil to check whether the problem was in the script command itself or in the commands issued within the script.
Let's say I have a directory named "userdrives". It's owned by root and group-owned by "NTusers". root and NTusers have full rights and everyone else has none. So:
rwxrwx--- root NTusers 4096 userdrives
Now, I want to write a script that will create a subdirectory under userdrives and I want to run this script as a non-root user. For this reason, the run-as-root flag must be set. For example I make a script (makeudrive), as root:
mkdir /userdrives/joe
chmod 755 makeudrive
I then log out and log in as a regular user.
./makeudrive
access denied
This is understandable. I log back in as root and chmod the script with set uid:
chmod 4755 makeudrive
Now, when I log in as a regular user and execute it, I still get access denied. In my opinion everything that the script executes should run as root.
The end goal is to give multiple administrators the rights to create home directories for our Win2k users, without the administrators having root access to the Linux box.
"everything that the script executes should run as root."
It doesn't work that way. It is a basic axiom of Unix security that a process (the script in this case) cannot change to a different user without a trip through security. If a non-root process wants to run as root it has to go through security first and ask for the root password.
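An added example, not part of any post in this thread: on Linux the set-user-ID bit takes effect on compiled binaries such as /usr/bin/passwd but is ignored for interpreted scripts, which is why chmod 4755 on makeudrive changed nothing. The shell functions below audit a directory for setuid files that are not ELF binaries; the function names, the makeudrive.sh variant and the temporary sample files are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread.

# Print one of: not-a-file, no-setuid, setuid-elf, setuid-script, setuid-other
classify_suid() {
    f=$1
    [ -f "$f" ] || { echo "not-a-file"; return 0; }
    [ -u "$f" ] || { echo "no-setuid"; return 0; }   # -u: set-user-ID bit set
    magic=$(od -An -tx1 -N4 "$f" | tr -d ' \n')      # first four bytes as hex
    case $magic in
        7f454c46) echo "setuid-elf" ;;     # 0x7f "ELF": the bit is honoured
        2321*)    echo "setuid-script" ;;  # "#!": Linux ignores the bit
        *)        echo "setuid-other" ;;   # e.g. a script with no "#!" line
    esac
}

# List setuid files under directory $1 that are not ELF binaries.
audit_suid_nonelf() {
    find "$1" -type f -perm -4000 2>/dev/null | while IFS= read -r p; do
        case $(classify_suid "$p") in
            setuid-script|setuid-other) echo "$p" ;;
        esac
    done
}

# Constructed sample files in a temporary directory (assumed names):
#   makeudrive     the script as posted (no "#!" line), mode 4755
#   makeudrive.sh  hypothetical variant with an interpreter line, mode 4755
#   fake-elf       four ELF magic bytes only, mode 4755
#   plain          ordinary script, mode 755
demo() {
    d=$(mktemp -d) || return 1
    printf 'mkdir /userdrives/joe\n' > "$d/makeudrive"
    printf '#!/bin/bash\nmkdir /userdrives/joe\n' > "$d/makeudrive.sh"
    printf '\177ELF' > "$d/fake-elf"
    printf '#!/bin/bash\necho hello\n' > "$d/plain"
    chmod 4755 "$d/makeudrive" "$d/makeudrive.sh" "$d/fake-elf"
    chmod 755 "$d/plain"
    audit_suid_nonelf "$d" | sed "s|^$d/||" | sort
    rm -rf "$d"
}

demo
```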