LinuxQuestions.org - permissions question

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - permissions question (https://www.linuxquestions.org/questions/linux-newbie-8/permissions-question-664687/)

permissions question

NOTE:

If anyone wants to help me, may I suggest skipping to the very last post and going from there?

--

--

--

I understand w lets you add or remove files, would read permissions let you read all files in the directory regardless of their permissions?

If not, then I can't imagine any use for it (since x lets you list the directory contents).

No. Read permissions for directory means you're able to obtain filenames in the directory.

x let's you execute. Meaning you can cd into that dir.

Oh. The explanations I find on the web didn't seem to mesh with that, but that makes sense.

Also, I gave -rws--x--x permissions to a script which is designed so that an unprivileged user can copy files from one of their directories to a particular destination directory belonging to another user. however it's telling me that permission is denied when trying to access the target directory in question.

Urgent: using rws----r-x permissions not working

I absolutely have to get this working right before Monday. I can beat my head against the problem all weekend, but I don't have the faintest clue what is wrong.

I'm running SuseLinux10. I have a script pc.scr with permissions as follows:

-rwsr-xr-x 1 crs120_bra crs120 754 2008-08-22 17:36 pc.scr

As I understand it, any user who runs this script will have the privileges of crs120_bra while the script is running. However, when the script tries to copy a file into a directory that crs120_bra owns, it gives me permission denied messages.

Details: The basic user runs a different script (with only rxwr-xr-x permissions) which then calls pc.scr (the one with rwsr-xr-x permissions). The first script causes the user to copy some files to /tmp/$LOGNAME/ with 777 permissions, then the second script is supposed to cause the user to temporarily inherit permissions of the pc.scr owner so that the files in that temp directory can be copied into a directory that the pc.scr owner has access to (but the normal user doesn't).

I verified that the target directory is owned by crs120_bra (by checking permissions and by creating a file). I have also verified that the final cp command is causing the errors (the initial copy uses `cat $filename > /tmp/$LOGNAME/$filename` so there is no other cp command in either script). The script can't even make a subdirectory in the target directory, so I know the problem has got to be that the base user isn't inheriting the privileges like teh -rws---r-x is supposed to let him do.

If anyone can list a few things I might double check, I would really appreciate it. Man this has been a long week... almost over with if I could just get this working.

EDIT:

I even tried making the owner of the script root, but it didn't help

Some other people on the net are saying that suid doesn't work for scripts in linux. If that's the case, then I am seriously screwed (well, maybe not completely, I supposed I could rewrite the script as a c-program; that's just going to be highly annoying).

I took the liberty to merge those two threads - the first
post of the second thread is just a continuation of the
last post on the first thread.

Cheers,
Tink

sorry

I knew it was skirting the rules a bit, but I'm getting desperate here. I have some ideas now so I'm not completely stuck... looks like I'm going to be working all night.

No worries ... and to answer your question: bash won't do
what you're asking of it indeed. You can't have scripts
suid ... you may be able, however, to achieve the result
you're after by adding the script to sudoers ?

%MYGROUP ALL=ALL NOPASSWD: su - USER -c "/path/to/script"

Untested, by I think it should work.

Cheers,
Tink

sudoers?

That means the script will run as root? I guess that wouldn't be a problem as long as no one had to enter any passwords.

I'd rather have the script run as a less privleged user actually

::EDIT::

NM, I see. The syntax isn't quite right, but I'll look it up. This might indeed be exactly what I need. I was about to write my own copy program in C :|

EDIT:

I can't get the syntax right :) damn I'm so helpless at the moment. In a year I'll be answering questions for all the other the latest round of n00bs though

This just doesn't seem to be working. Your syntax was causing problems so tried something new I got from a webpage:

Code:

Cmnd_Alias        APATH = /path/to/script





..



..



..



%groupname          ALL=(%groupname)    APATH

I thought that would let users in %groupname run, from any terminal, as any other user in %groupname on the command APATH

Ah crap... I think I just figured it out... but I realized I need to pass an argument to the script

Anyone know how to do that? :(

The first argument will be $1 (or is that 1), so

echo $1

will print out the first argument for example

Ok, I have the script working great now, only it is still asking the user for the password of the privileged user. Here's what my visudo file looks like, and the line in the script:

Code:

# Cmnd alias specification

Cmnd_Alias PC1240 = /bin/su - privuser -c "${classbin}/pcn.scr ${1} ${LOGNAME}"



# Defaults specification

Defaults targetpw    # ask for the password of the target user i.e. root

%users ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!



# User privilege specification

root    ALL=(ALL) ALL



%1240          ALL=(ALL)      NOPASSWD: PC1240

The line in the script is:

Code:

/bin/su - privuser -c "${classbin}/pcn.scr ${1} ${LOGNAME}"

I'm going to go home now. I'll check this from home and log in via ssh if anyone has any good ideas! Otherwise tomorrow. I'm pretty sure I can get this worked out now. I just need to set up the sudoer file properly. I'll sleep a little easier tonight anyway. Thanks everyone.

Make sure to help correct my sudoer file if you can :)