Slackware This Forum is for the discussion of Slackware Linux.
06-09-2006, 07:43 PM
|
#1
|
Member
Registered: Jul 2005
Distribution: Slackware
Posts: 244
Rep:
|
Shell Script with Superuser Power?
I want a shell script to have root privileges. I don't want it to ask for a password and I want the command line returned to the user who invoked the command without superuser privileges and in the same shell that it was in beforehand. I have the file
Code:
#!/bin/sh
su
password
/sbin/insmod rt2500.o
/sbin/ifconfig ra0 inet 192.168.1.234 up
/sbin/route add default gw 192.168.1.1
su echo $USER
This does not work the way I want it to. It even prints the root password to the screen. How can I accomplish this task?
|
|
|
06-09-2006, 07:50 PM
|
#2
|
Slackware Contributor
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559
|
If you save this
Code:
#!/bin/sh
/sbin/ifconfig ra0 inet 192.168.1.234 up
/sbin/route add default gw 192.168.1.1
under the name, say, /usr/local/bin/start_wireless.sh and make it executable, then add this line to the /etc/sudoers file:
Code:
ALL ALL = NOPASSWD: /usr/local/bin/start_wireless.sh
then all you need to do to run the script with root privileges and no password asked is this:
Code:
sudo /usr/local/bin/start_wireless.sh
Eric
|
|
|
06-09-2006, 07:52 PM
|
#3
|
Member
Registered: Sep 2003
Posts: 142
Rep:
|
There are a couple of ways to do this. Off the top of my head you can do one of two things.
1)
put the script in /usr/local/bin and then in the
/etc/sudoers file allow it root permissions without a
password. Then when you invoke the script do
sudo <script> and you will not get a password prompt
2)
Set the setuid bit with the chmod command, I am sure
what the exact options would be but maybe
chmod 2755 <script>
Also, I would check to make sure you are root before running the script; put something like this in the first few lines of the script.
Code:
if [ "$USER" != "root" ]; then
    echo "exiting...you need to be root"
    exit 1
fi
you beat me to it, must be a slow typist
|
|
|
06-09-2006, 07:53 PM
|
#4
|
Member
Registered: Jul 2004
Location: [jax][fl][usa]
Distribution: Slackware64-current
Posts: 796
Rep:
|
*duplicate post*
Last edited by kodon; 06-14-2006 at 12:33 PM.
|
|
|
06-09-2006, 08:01 PM
|
#5
|
Senior Member
Registered: Feb 2006
Location: Seattle, WA: USA
Distribution: Slackware 11.0
Posts: 1,191
Rep:
|
Nice. 3 replies at the same time. You know something is interesting when...
regards,
...drkstr
|
|
|
06-09-2006, 08:03 PM
|
#6
|
Slackware Contributor
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559
|
Quote:
Originally Posted by tank728
also I would check to make sure you are root before running the script
|
He wanted a script that runs with root privileges, without the user being root (or having any chance of obtaining root privileges) at all.
Remember to make the script readonly for everyone by the way... I will leave it to your imagination as to the why.
Also, setting the suid bit just like that, on a shell script, is unwise because that is inherently dangerous.
Eric
|
|
|
06-09-2006, 08:04 PM
|
#7
|
Slackware Contributor
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559
|
Quote:
Originally Posted by drkstr
Nice. 3 replies at the same time. You know something is interesting when...
|
People are always attracted to superpower...
Eric
|
|
|
06-09-2006, 08:06 PM
|
#8
|
Member
Registered: May 2006
Location: Frankfurt, Germany
Distribution: SUSE 10.2
Posts: 424
Rep:
|
Quote:
Originally Posted by kodon
set the suid bit
|
This won't work with shell scripts, I'd also recommend using sudo.
|
|
|
06-09-2006, 08:16 PM
|
#9
|
Member
Registered: Jul 2004
Location: [jax][fl][usa]
Distribution: Slackware64-current
Posts: 796
Rep:
|
ahh. never tried it with a script...
i just add stuff like this to my rc.local
but you are correct...even with suid
the script does not inherit the privileges...
|
|
|
06-11-2006, 01:25 AM
|
#10
|
Member
Registered: Mar 2005
Location: Right behind you.
Distribution: NBG, then randomed.
Posts: 480
Rep:
|
Quote:
Originally Posted by tank728
There are a couple of ways to do this. Off the top of my head you can do one of two things.
1)
put the script in /usr/local/bin and then in the
/etc/sudoers file allow it root permissions without a
password. Then when you invoke the script do
sudo <script> and you will not get a password prompt
2)
Set the setuid bit with the chmod command, I am sure
what the exact options would be but maybe
chmod 2755 <script>
|
*bzzt* Suid scripts are not allowed anymore because they're too easily exploited. This sort of thing has to be done with sudo or some other similar wrapper. Oh you can set the sticky-bit all you like, but the system will ignore it...
Code:
dagmar@scraps:~$ cat proof.sh
#!/bin/bash
echo $UID
dagmar@scraps:~$ ls -al proof.sh
-rwsr-xr-x 1 root users 22 Jun 11 00:31 proof.sh
dagmar@scraps:~$ ./proof.sh
1000
dagmar@scraps:~$
|
|
|
06-11-2006, 01:35 AM
|
#11
|
Member
Registered: Jul 2004
Location: [jax][fl][usa]
Distribution: Slackware64-current
Posts: 796
Rep:
|
the sticky bit is a completely different subject
|
|
|
06-12-2006, 02:50 AM
|
#12
|
Member
Registered: May 2004
Location: Morgantown, West Virginia
Distribution: Gentoo 2007.0, Straw Hat Linux
Posts: 31
Rep:
|
I'm going to guess that the suid method wouldn't work because the script isn't being executed, it's invoking a separate application then feeding it commands. Someone correct me if I'm wrong.
I recommend using sudo. There are numerous ways to configure sudo (the man page is over a thousand lines long) but the answer that Alien Bob provided should work great.
|
|
|
06-14-2006, 06:27 AM
|
#13
|
Member
Registered: Mar 2006
Distribution: Slackware
Posts: 63
Rep:
|
Quote:
Originally Posted by kodon
or set the suid bit
|
Security risk.
Shall be avoided at any costs.
|
|
|
06-14-2006, 10:15 AM
|
#14
|
Member
Registered: Jul 2004
Location: [jax][fl][usa]
Distribution: Slackware64-current
Posts: 796
Rep:
|
read the whole thread
|
|
|
06-14-2006, 11:52 AM
|
#15
|
Member
Registered: Jul 2005
Distribution: Slackware
Posts: 244
Original Poster
Rep:
|
Quote:
Originally Posted by Alien Bob
If you save this
Code:
#!/bin/sh
/sbin/ifconfig ra0 inet 192.168.1.234 up
/sbin/route add default gw 192.168.1.1
under the name, say, /usr/local/bin/start_wireless.sh and make it executable, then add this line to the /etc/sudoers file:
Code:
ALL ALL = NOPASSWD: /usr/local/bin/start_wireless.sh
then all you need to do to run the script with root privileges and no password asked is this:
Code:
sudo /usr/local/bin/start_wireless.sh
Eric
|
Thanks AB. That seemed to do the trick. Why though, do I still have to type sudo? Is there any particular reason to put the script in the /usr/local/bin/ directory?
|
|
|
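Added example, not part of any post in this thread: a NOPASSWD sudoers rule trusts whatever file sits at the listed path, so the script and every directory above it should be owned by root and writable by nobody else, which is the point behind the read-only advice in post #6 and the choice of /usr/local/bin. The sketch below checks that; `audit_sudo_target` and `check_entry` are hypothetical helper names, and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added example: audit a script that a NOPASSWD sudoers rule points at.
# audit_sudo_target and check_entry are hypothetical helper names.
# Assumes GNU coreutils stat (stat -c), as shipped on Linux.

# check_entry PATH UID: fail if PATH is not owned by UID or if group or
# others may write to it.
check_entry() {
    info=$(stat -c '%u %a' -- "$1") || return 1
    owner=${info% *}
    mode=${info#* }
    if [ "$owner" != "$2" ]; then
        echo "FAIL $1: owned by uid $owner, expected $2"
        return 1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $1: writable by group or others (mode $mode)"
        return 1
    fi
}

# audit_sudo_target SCRIPT [UID] [TOP]: check SCRIPT and every directory
# from its parent up to TOP (default /). UID defaults to 0 (root).
audit_sudo_target() {
    target=$1; trusted=${2:-0}; top=${3:-/}; rc=0
    case $target in
        /*) ;;
        *) echo "FAIL $target: sudoers needs an absolute path"; return 1 ;;
    esac
    if [ ! -f "$target" ] || [ -L "$target" ]; then
        echo "FAIL $target: not a regular file"
        return 1
    fi
    check_entry "$target" "$trusted" || rc=1
    # The kernel ignores setuid/setgid on scripts; the bit only signals a
    # misconfiguration, so report it.
    if [ $(( 0$(stat -c %a -- "$target") & 06000 )) -ne 0 ]; then
        echo "FAIL $target: setuid/setgid bit set on a script"
        rc=1
    fi
    dir=$(dirname -- "$target")
    while :; do
        check_entry "$dir" "$trusted" || rc=1
        if [ "$dir" = "$top" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname -- "$dir")
    done
    return $rc
}
```

On a real system, `audit_sudo_target /usr/local/bin/start_wireless.sh` with no further arguments checks against root and walks up to `/`.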
All times are GMT -5.