file permissions and SUID
hi,
i have recently created a script that performs an rsync between 2 directories. it then ensures that the directory that was "sync'ed" has the correct permissions (it is a web directory so needs apache permissions...)

so within my shell script, there is a call to an "rsync" and another to a "chown". i can run this script fine when logged in as root (the creator of the file) and also when i have it scheduled as a cron job (as it runs as root). i would like any other user to be able to manually run it at any time though (in case they cannot wait for the next 5 mins!!)

i changed the SUID so the file perms are: -rwsr-xr-x

this should allow any person to run the script with correct perms. but i receive the following outputted errors:

    [user@hostname ftp]$ ./syncweb.sh
    RSYNCing the FTP and apache areas
    building file list ... opendir(images): Permission denied
    done
    IO error encountered - skipping file deletion
    wrote 270 bytes read 20 bytes 580.00 bytes/sec
    total size is 54667 speedup is 188.51
    rsync error: some files could not be transferred (code 23) at main.c(620)
    Changing Permissions in web directory
    chown: `/var/www/html/images': Permission denied

have i set this up right? do i need to set the SUID on both the rsync and chown apps as well so that they can be run in elevated privileges? this is not something i want to do though!!

any help would be appreciated

jingo_man
Shell scripts ignore the SUID bit. That's why you get the errors. I used to have a link to a page that said as much, but I can't dig it up. If you search for "shell script suid" on google, it might turn up something about it.
Some options you have:

1. Make the constituent programs suid. This is probably not what you want if normal users have access to rsync and definitely chown.
2. Write the script in a programming language, compile it as an executable, and set the executable's suid bit (i.e. turn the script into something other than a script).
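A sketch of option 2, added here as an illustration and not code from anyone in this thread: a small C launcher that carries the SUID bit and runs the unchanged shell script as root. The install path `/usr/local/sbin/syncweb.sh` and the helper name `script_is_safe` are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed install location (hypothetical): a root-owned directory that
 * ordinary users cannot write to, so the file cannot be swapped out
 * between the check below and the exec. */
#define SCRIPT_PATH "/usr/local/sbin/syncweb.sh"

/* Return 1 only if path is a regular file (not a symlink) owned by
 * `owner` and not writable by group or other; otherwise return 0. */
int script_is_safe(const char *path, uid_t owner)
{
    struct stat st;

    if (lstat(path, &st) != 0)
        return 0;
    if (!S_ISREG(st.st_mode) || st.st_uid != owner)
        return 0;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) ? 0 : 1;
}

int main(void)
{
    /* Fixed environment: nothing from the caller (PATH, IFS, LD_*, ...)
     * reaches the root shell. */
    static char *const envp[] = {
        "PATH=/usr/sbin:/usr/bin:/sbin:/bin", "IFS= \t\n", NULL
    };
    /* No caller arguments are forwarded to the script. */
    static char *const argv[] = { "/bin/sh", SCRIPT_PATH, NULL };

    if (!script_is_safe(SCRIPT_PATH, 0)) {
        fprintf(stderr, "refusing to run %s: bad owner or mode\n", SCRIPT_PATH);
        return 1;
    }
    /* Set the real IDs as well: some shells drop privileges when the
     * real and effective UID differ. */
    if (setgid(0) != 0 || setuid(0) != 0) {
        perror("setgid/setuid");
        return 1;
    }
    execve("/bin/sh", argv, envp);
    perror("execve");   /* reached only if execve failed */
    return 1;
}
```

The compiled binary is the file that gets root ownership and mode 4755; the script itself stays root-owned at mode 0755 with no SUID bit. Inside the script, rsync and chown are best called by absolute path so the result does not depend on PATH lookup.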
thanks dark_helmet
this is what i was thinking - that would need to make the actual apps inside SUID. will have to look at the second solution i think - but as a newbie may take a period of time. any useful links for this?

many thanks for the reply though...

jingo_man
could even run the script using "sudo"....
Yeah, I am a complete dunce for not suggesting sudo or "su -c". I need to get around to setting up sudo one of these days. That might help me remember it more often.