Hello, I am wondering if I can set a binary file with user permissions set only (0700: - rwx --- ---), so it can only be executed directly by the owner, but I would like it to also be executed if run from a script by a member of the group the file belongs to?
As you can see, the binary itself does not have any access rights for group, but is there a way the script can grant rights for the session? It could not actually set the permissions on the file as it would be used by several people, but the user rights for the file could be inherited from the script?
The reason I want to do this is to ensure the various setup and tidyup commands in the script are performed.
I thought that setting the script with SUID would work, but I get a permission denied error.
I thought about having a copy of the file moved to the user's home directory, set the permissions, then execute, but it wouldn't work because the user could execute the binary from their directory, whilst the script is running in another shell session. Also, the file needs to be in a specific directory to execute properly.
Quote:
Originally posted by enigmasoldier
bash is intelligent and won't let you set the suid bits on a script file. You might look into sudo if the script requires root access.
What I want is a script with group execute permissions to execute a binary without execute permissions. This way, only the script can execute the binary instead of users executing from the shell prompt.
Sudo sounds like it may be the answer though. I didn't really want to temporarily grant root access, but temporarily allowing the group the same permissions as root would work.
Thanks for the tip.
Last edited by antony.booth; 03-11-2005 at 05:08 AM.
Re: Re: How to make a file inherit script permissions
Quote:
Originally posted by Aeiri
Just give the file permissions 750.
By doing that, I am enabling group members the ability to execute the binary directly from the shell prompt, which is exactly what I'm trying to prevent.
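An added example (not part of the original thread) of the sudo approach raised above, with the wrapper run as the binary's owner instead of root. The sudoers rule is shown in the comments, and the script audits that the file layout leaves the wrapper as the only route to the 0700 binary. The user, group and paths are hypothetical.

```shell
#!/bin/sh
# Assumed names (hypothetical): user "appowner", group "appgroup",
# binary /opt/app/bin/tool (mode 0700, owned by appowner),
# wrapper /opt/app/run-tool.sh (owned by appowner).
# Assumed sudoers rule (edit with visudo): the group may run only the
# wrapper, as appowner, never as root:
#   %appgroup ALL=(appowner) NOPASSWD: /opt/app/run-tool.sh
# Group members then run:  sudo -u appowner /opt/app/run-tool.sh

# Print the group+other permission characters of a path ("------" for 0700).
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Succeed only if neither group nor other can write to the path.
not_group_other_writable() {
    case "$(group_other_bits "$1")" in
        ?w????|????w?) return 1 ;;
        *) return 0 ;;
    esac
}

# check_layout BINARY WRAPPER
# Return 0 only if the binary is owner-only and nothing a group member
# could modify sits between sudo and the binary.
check_layout() {
    bin=$1
    wrapper=$2
    rc=0
    if [ "$(group_other_bits "$bin")" != "------" ]; then
        echo "FAIL: $bin is accessible to group/other; expected 0700"
        rc=1
    fi
    for p in "$wrapper" "$(dirname "$wrapper")" "$(dirname "$bin")"; do
        if ! not_group_other_writable "$p"; then
            echo "FAIL: $p is writable by group/other and could be replaced"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use: ./check-layout.sh /opt/app/bin/tool /opt/app/run-tool.sh
if [ "$#" -eq 2 ]; then
    check_layout "$1" "$2"
fi
```

Because the wrapper runs with the owner's rights, it should call the binary by absolute path and not act on arguments or environment variables supplied by the invoking user.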