https://community.hpe.com/t5/operating-system-hp-ux/execute-as-root/m-p/2467466#M775181 How can I set a shell script to execute as root by another user. I don't want the user to be able to modify the script. Mon, 27 Nov 2000 14:06:43 GMT Joseph Hoh 2000-11-27T14:06:43Z https://community.hpe.com/t5/operating-system-hp-ux/execute-as-root/m-p/2467466#M775181 How can I set a shell script to execute as root by another user. I don't want the user to be able to modify the script. Mon, 27 Nov 2000 14:06:43 GMT https://community.hpe.com/t5/operating-system-hp-ux/execute-as-root/m-p/2467466#M775181 Joseph Hoh 2000-11-27T14:06:43Z https://community.hpe.com/t5/operating-system-hp-ux/execute-as-root/m-p/2467467#M775182 Well, I generally have anything that needs root to run it....run by root. That way I don't have to worry about the other user at all. If a job needs to be run by Oracle than as root I include the scripts into my cron jobs and set up a small file to do the su to Oracle and run the oracle job. I do the same for other users.<BR /><BR />What I'm saying is....as root I will run your jobs...but a user never runs root jobs. That way I know the jobs stay 'untouched'.<BR /><BR />Just a thought, Mon, 27 Nov 2000 14:13:03 GMT https://community.hpe.com/t5/operating-system-hp-ux/execute-as-root/m-p/2467467#M775182 Rita C Workman 2000-11-27T14:13:03Z https://community.hpe.com/t5/operating-system-hp-ux/execute-as-root/m-p/2467468#M775183 Hi Jeff,<BR /><BR />I agree with Rita, but I know it's sometimes unpractical.<BR /><BR />An alternate solution would be to use 'SUDO' that you can freely download at the following address:<BR /><A href="http://www.courtesan.com/sudo/sudo.html" target="_blank">http://www.courtesan.com/sudo/sudo.html</A><BR /><BR />This utility allows you do define 'who' may run 'what' and under which usedid. It's quite powerful.<BR /><BR />Best regards,<BR /><BR />Dan<BR /> Mon, 27 Nov 2000 14:17:59 GMT https://community.hpe.com/t5/operating-system-hp-ux/execute-as-root/m-p/2467468#M775183 Dan Hetzel 2000-11-27T14:17:59Z https://community.hpe.com/t5/operating-system-hp-ux/execute-as-root/m-p/2467469#M775184 setting to effective (not real) user id can be done with sticky bit.<BR /><BR />The first line of the script must contain ie:<BR />#!/sbin/sh<BR /><BR />Change owner of the script<BR /><BR />chown root &lt;script&gt;<BR /><BR />Set sticky bit<BR /><BR />chmod 5755 &lt;script&gt;<BR /><BR /> Mon, 27 Nov 2000 14:19:55 GMT https://community.hpe.com/t5/operating-system-hp-ux/execute-as-root/m-p/2467469#M775184 Rainer_1 2000-11-27T14:19:55Z https://community.hpe.com/t5/operating-system-hp-ux/execute-as-root/m-p/2467470#M775185 Jeff:<BR /><BR />You can do this by setting the set-uid bit. The script in question should be owned by root. Do 'chmod 45xx' on the script and when you run it from a non-root account, the effective uid will be that of root.<BR /><BR />This is a VERY DANGEROUS practice. A better alternative is to use the 'sudo' utility or restricted SAM for functions you need to confer to trusted users.<BR /><BR />...JRF... Mon, 27 Nov 2000 14:23:04 GMT https://community.hpe.com/t5/operating-system-hp-ux/execute-as-root/m-p/2467470#M775185 James R. Ferguson 2000-11-27T14:23:04Z https://community.hpe.com/t5/operating-system-hp-ux/execute-as-root/m-p/2467471#M775186 Hi there.<BR />Another hint. You should run this scripts under ksh, otherwise you could have weird results. I stepped into that trap last week<BR />during an isnatll of 8.1.7<BR />Rgds<BR />Alexander M. Ermes<BR /> Tue, 05 Dec 2000 07:40:54 GMT https://community.hpe.com/t5/operating-system-hp-ux/execute-as-root/m-p/2467471#M775186 Alexander M. Ermes 2000-12-05T07:40:54Z