LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-04-2009, 07:24 AM   #16
zhjim
Senior Member
 
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,748
Blog Entries: 11

Rep: Reputation: 233Reputation: 233Reputation: 233

Quote:
Originally Posted by Admiral Beotch View Post
Good call. I completely forgot about this in my sudo fanaticism. But again, if doing it this way, the OP should be *VERY* careful in how the script handles error conditions, user input, and working data as unexpected circumstances could create unforeseen vulnerabilities.
I bet you did not forget about the suid bit but your subconscious told you that on a shell script the suid bit is ignored
 
Old 09-04-2009, 07:33 AM   #17
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,063

Rep: Reputation: 381Reputation: 381Reputation: 381Reputation: 381
I had no idea about that, gotta learn something new
 
Old 09-04-2009, 07:37 AM   #18
JulianTosh
Member
 
Registered: Sep 2007
Location: Las Vegas, NV
Distribution: Fedora / CentOS
Posts: 674
Blog Entries: 3

Rep: Reputation: 90
Quote:
Originally Posted by i92guboj View Post
I had no idea about that, gotta learn something new
Nope. x2 here.
 
Old 09-04-2009, 08:03 AM   #19
JulianTosh
Member
 
Registered: Sep 2007
Location: Las Vegas, NV
Distribution: Fedora / CentOS
Posts: 674
Blog Entries: 3

Rep: Reputation: 90
Well, there you have it...

Quote:
Originally Posted by http://en.wikipedia.org/wiki/Setuid
Due to the increased likelihood of security flaws, many operating systems ignore the setuid attribute when applied to executable shell scripts.
 
Old 09-04-2009, 09:19 AM   #20
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670
Could you provide more details on what you need done as root. Any installation that wants something done as root needs to be configured by the root user. One method is using groups to control write access. Another for write access is using ACLs. For operations such as mounting usb drives, PolicyKit is used. Another method is to use a client/server approach. If something needs root permissions, it should be written with support for the mechanisms used to control authentication. Such as PAM. It should be very careful in controlling what can be done, and checking the real uid and effective uid. For example, the passwd command is suid root. It runs as root, but restricts what can be done if the real uid isn't root. Many daemons start out as root, to be able to open a lower order port, and then change to an effective uid of a system user soon after starting. Any program or script run as root, needs to trap messages such as ctrl-C and handle them safely, and fail without promoting the regular user. It may be desirable to control the environment as well.

Last edited by jschiwal; 09-04-2009 at 10:55 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
usage of history command inside shell script bsaheb Linux - Newbie 4 01-05-2010 09:55 PM
How to run a root command from script? terry-duell Fedora 2 02-16-2009 04:55 PM
Bash Script Help - Trying to create a variable inside script when run. webaccounts Linux - Newbie 1 06-09-2008 03:40 PM
run shell command inside of c code? khucinx Programming 2 05-17-2004 11:04 AM
how do I run a command from inside a c++ program? exodist Programming 1 04-06-2004 05:34 PM


All times are GMT -5. The time now is 04:26 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration