Ok here's the situation. Let's say I have a small bash script that does the following:

mkdir /test/hello
chown joe /test/hello

the "test" directory is owned by root/root and is cdmod'd 755.

and as root I chmod this script with 4755 (to run as root).

I then log in with a non-root account and try to execute it. When I runs I gets access denied. It's my understanding that if a script is marked as run-as-root, every command run from within it will run with root permissions. Why does it not work?

"It's my understanding that if a script is marked as run-as-root, every command run from within it will run with root permissions."

I don't think so. Try running the script as su and see what happens. Also try running the mkdir and chown commands as user, then as su. I think that they will work as su but not as user.

___________________________________
Be prepared. Create a LifeBoat CD.
http://users.rcn.com/srstites/LifeBo...home.page.html

Steve Stites

Sorry I dont understand just what you mean Steve.

I have posted a very similar question in the Red Hat forum
"Can't extract expiry days from shadow"
but no replies as yet

If the user su'd to root then most definitely the commands & script runs.
Problem is the user does not have access to the root password.
If user su'd to themselved then no permissions.

My grasp of run-as-root was the same as Phils.


How does passwd
-r-s--x--x 1 root root 15104 Mar 14 2002 /usr/bin/passwd
when run by a lowly user get access to protected root permission files?

Thanks for replying to Phil anyway

George B

"Sorry I dont understand just what you mean Steve."

Your experiment was what I was looking for. I meant for Phil to check whether the problem was in the script command itself or in the commands issued within the script.

___________________________________
Be prepared. Create a LifeBoat CD.
http://users.rcn.com/srstites/LifeBo...home.page.html

Steve Stites

I'll simplifiy:

Let's say I have a directory named "userdrives"..It's owned by root and group-owned by "NTusers". root and NTusers have full rights and everyone else has none. So:

rwxrwx--- root NTusers 4096 userdrives

Now, I want to write a script that will create a subdirectory under userdrives and I want to run this script as a non-root user. For this reason, the run-as-root flag must be set. For example I make a script (makeudrive), as root:

mkdir /userdrives/joe

chmod 755 makeudrive

I then log out and log in as a regular user.

./makeudrive

access denied

This is understandable. I log back in as root and chmod the script with set uid:

chmod 4755 makeudrive

Now, when I log in as a regular user and execute it, I still get access denied. In my opinion everything that the script executes should run as root.

The end goal is to give multiple administrators the rights to create home directories for our Win2k users, without the administrators having root access to the linux box.

"everything that the script executes should run as root."

It doesn't work that way. It is a basic axiom of Unix security that a process (the script in this case) cannot change to a different user without a trip through security. If a non root process wants to run as root it has to go through security first and ask for the root password.

___________________________________
Be prepared. Create a LifeBoat CD.
http://users.rcn.com/srstites/LifeBo...home.page.html

Steve Stites