hi,

i have recently created a script that performs an rsync between 2 directories. it then ensures that the directory that was "sync'ed" has the correct permissions (it is a web directory so needs apache permissions...)

so within my shell script, there is a call to an "rsync" and another to a "chown"

i can run this script fine when logged in as root (the creator of the file) and also when i have it scheduled as a cron job (as it runs as root).

i would like any other user to be able to manually run it at any time though (in case they cannot wait for the next 5 mins!!)

i changed the SUID so the file perms are:

-rwsr-xr-x

this should allow any person to run the script with correct perms. but i recieve the following outputted errors:

[user@hostname ftp]$ ./syncweb.sh
RSYNCing the FTP and apache areas
building file list ... opendir(images): Permission denied
done
IO error encountered - skipping file deletion
wrote 270 bytes read 20 bytes 580.00 bytes/sec
total size is 54667 speedup is 188.51
rsync error: some files could not be transferred (code 23) at main.c(620)
Changing Permissions in web directory
chown: `/var/www/html/images': Permission denied

have i set this up right? do i need to set the SUID on both the rsync and chown apps aswell so that they can be run in elevated priveleges? this is not something i want to do though!!

any help would be appreciated

jingo_man

Shell scripts ignore the SUID bit. That's why you get the errors. I used to have a link to a page that said as much, but I can't dig it up. If you search for "shell script suid" on google, it might turn up something about it.

Some options you have:
1. Make the constituent programs suid. This is probably not what you want if normal users have access to rsync and definitely chown.
2. Write the script in a programming language, compile it as an executable, and set the executable's suid bit (i.e. turn the script into something other than a script)

thanks dark_helmet

this is what is was thinking - that would need to make the actual apps inside SUID.

will have to look at the second solution i think - but as a newbie may take a period of time. any useful links for this?

many thanks for the reply though...

jingo_man

could even run the script using "sudo"....

Yeah, I am a complete dunce for not suggesting sudo or "su -c". I need to get around to setting up sudo one of these days. That might help me remember it more often.