Two scripts, one runs with the other only runs as root

halfpower · 04-11-2009, 06:49 AM

I have two scripts. This one will run when I type "sudo script_file_name"

Code:

#!/bin/sh

mount /dev/sdb3 /mnt/sdb3 -t ntfs -o umask=0222

This one will not run when I type "sudo script_file_name," but it will run when I am root.

Code:

#!/bin/sh

shutdown now -h

Do you know what would cause this? All I'm really trying to do is to poweroff without being root.

GazL · 04-11-2009, 07:00 AM

Without any more detail then I'd guess it's either file permissions or a difference in the $PATH.
What are you seeing? Command not found? Permission denied? or something else?

tronayne · 04-11-2009, 07:12 AM

shutdown can only be executed by UID 0 and GID 0 (which is root's userid). If you really, really what to be able to shut the system down without using su to do it, you can change the owner and group of your shell program to root and change the mode to 4755 (you must do this as root). You could also use the init utility instead of the shutdown utility in your shell program; i.e.,

Code:

#!/bin/sh
#
# non-root user system shutdown
#
/sbin/init 0

Bear in mind that either is not a real good idea when you can simply

Code:

su -
Password: root-password
init 0

Although you can do something (like set the so-called "su" bit, which is what mode 4755 does) it can come back and bite you; there is a reason that certain commands require root permission to be used and you should think it through before you jump off this cliff.
[EDIT]
Well, ignorant me (here's one of those things that won't port from Solaris). Thanks to gazl for pointing out that SUID doesn't work in Linux (and, dang it, that's a good thing, too).

Sigh.

GazL · 04-11-2009, 08:09 AM

Quote:

Originally Posted by tronayne

If you really, really what to be able to shut the system down without using su to do it, you can change the owner and group of your shell program to root and change the mode to 4755 (you must do this as root).

SUID is ignored on shell scripts under linux, so this won't work.

wadsworth · 04-11-2009, 08:22 AM

Supply the full path to shutdown in your script

Code:

sudo /sbin/shutdown -h now

then use visudo to allow you user (or group) to execute /sbin/shutdown.

rg3 · 04-11-2009, 08:58 AM

I don't think the above posts hit the nail in the head (but some of them are very close). The second script probably doesn't run because you are using "shutdown" as the command to run, and shutdown resides in /sbin, which is probably not in your user's PATH. Probably changing "shutdown" for "/sbin/shutdown" should do the trick.

Also, the reason the SUID bit in scripts "doesn't work" is that in Unix there is a distinction between the owner's UID for the process and the effective UID. When you set the setuid bit in a program, you change the effective UID to the one of the user owning the file, but now the owner's UID of the process, which continues to be your normal user. Problem: when a process forks (to launch another process), the owner and effective UID are inherited from the owner UID of the parent process. Hence, any program launched from a shell script that has the setuid bit is launched as the normal user, and not as the effective UID user.

halfpower · 04-11-2009, 09:19 AM

Quote:

Originally Posted by GazL

Without any more detail then I'd guess it's either file permissions or a difference in the $PATH.
What are you seeing? Command not found? Permission denied? or something else?

It says:

Code:

me@computer~$ sudo turnoff
/usr/local/bin/turnoff: line 3: shutdown: command not found

GazL · 04-11-2009, 09:52 AM

It's probably the $PATH then. Change your script to run /sbin/shutdown as wadsworth suggested above and it should work.

dive · 04-11-2009, 04:05 PM

Are you in the power group?

Output of 'groups' please.