https://community.hpe.com/t5/operating-system-hp-ux/suid/m-p/2430812#M2968 thanks..... Fri, 14 Jul 2000 14:13:18 GMT f. halili 2000-07-14T14:13:18Z https://community.hpe.com/t5/operating-system-hp-ux/suid/m-p/2430808#M2964 Any brief idea about suid???<BR />Any good docs discussing suid??<BR /> Fri, 14 Jul 2000 13:05:55 GMT https://community.hpe.com/t5/operating-system-hp-ux/suid/m-p/2430808#M2964 f. halili 2000-07-14T13:05:55Z https://community.hpe.com/t5/operating-system-hp-ux/suid/m-p/2430809#M2965 Are you talking about Sybase? or HPUX? Fri, 14 Jul 2000 13:13:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/suid/m-p/2430809#M2965 Philip Chan_1 2000-07-14T13:13:37Z https://community.hpe.com/t5/operating-system-hp-ux/suid/m-p/2430810#M2966 suid scripts are fairly risky to say the least. If they are not carefully coded, they can be broken out of giving a normal user root capability. <BR />A much better approach to suid scripts/programs is to use the software sudo. A package to allow commands to be run as the superuser. Sudo determines who is an authorised user by consulting your /etc/sudoers database. The program prompts for a user's password to initiate a validation period of N minutes, here N is defined at installation time. N.B. There is no easy way to prevent a user from gaining a root shell if he has access to commands that are shell scripts or that allow shell escapes.<BR />This is available at the Software Porting And Archive Centre for HP-UX:<BR /><A href="http://hpux.cs.utah.edu/" target="_blank">http://hpux.cs.utah.edu/</A> or<BR /><A href="http://hpux.cae.wisc.edu/" target="_blank">http://hpux.cae.wisc.edu/</A> or<BR /><A href="http://hpux.connect.org.uk/" target="_blank">http://hpux.connect.org.uk/</A><BR /><BR />Brian<BR />&lt;*(((&gt;&lt; er<BR /> Fri, 14 Jul 2000 13:18:16 GMT https://community.hpe.com/t5/operating-system-hp-ux/suid/m-p/2430810#M2966 Brian M. Fisher 2000-07-14T13:18:16Z https://community.hpe.com/t5/operating-system-hp-ux/suid/m-p/2430811#M2967 See ITRC Knowledge Base document id A5555024 "Sys Adm: general suid questions-permissions and user classes" for an explanation of SUID.<BR /><BR />See also "Essential System Administration" in the O'Reilly series of UNIX books, Chapter 6: Security. Fri, 14 Jul 2000 13:21:25 GMT https://community.hpe.com/t5/operating-system-hp-ux/suid/m-p/2430811#M2967 Cheryl Griffin 2000-07-14T13:21:25Z https://community.hpe.com/t5/operating-system-hp-ux/suid/m-p/2430812#M2968 thanks..... Fri, 14 Jul 2000 14:13:18 GMT https://community.hpe.com/t5/operating-system-hp-ux/suid/m-p/2430812#M2968 f. halili 2000-07-14T14:13:18Z https://community.hpe.com/t5/operating-system-hp-ux/suid/m-p/2430813#M2969 Don't forget that setting the suid bit only suid's for file permissions. It will not work for commands. Lately I have been using SAMs ability to allow custom menus and applications to run as root for example. This basically is the same as "sudo" but comes included with HPUX instead of another 3rd party app to be administered. I use this to allow operators to run backups as root and help desk persons to reset non-root user passwords. The scripts you write that are called upon by the restricted SAM MUST be secure and fool proof. Sat, 22 Jul 2000 10:49:20 GMT https://community.hpe.com/t5/operating-system-hp-ux/suid/m-p/2430813#M2969 Tim Nelson 2000-07-22T10:49:20Z