https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643087#M809405 hi,<BR /><BR />have you considered also "sudo"?<BR /><BR />regards<BR />yogeeraj Thu, 06 Oct 2005 06:26:58 GMT Yogeeraj_1 2005-10-06T06:26:58Z https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643084#M809402 All,<BR /><BR />I hope somebody can help. I have a requirement to be able to empower our dba's to run their own backup script as root. The script runs commands as a number of different users within the script and only runs succesfully as root. Is there anything I can set on the permissions to enable the oracle user to run the script effectively as root? Sticky bit rings a bell???<BR /><BR />Cheers Thu, 06 Oct 2005 05:50:07 GMT https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643084#M809402 Adam Noble 2005-10-06T05:50:07Z https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643085#M809403 "man chmod"<BR /><BR /><BR />Pete Thu, 06 Oct 2005 06:11:45 GMT https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643085#M809403 Pete Randall 2005-10-06T06:11:45Z https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643086#M809404 Thanks Pete! Thu, 06 Oct 2005 06:14:15 GMT https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643086#M809404 Adam Noble 2005-10-06T06:14:15Z https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643087#M809405 hi,<BR /><BR />have you considered also "sudo"?<BR /><BR />regards<BR />yogeeraj Thu, 06 Oct 2005 06:26:58 GMT https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643087#M809405 Yogeeraj_1 2005-10-06T06:26:58Z https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643088#M809406 I'm still trying to find the answer in the man page of chmod....Ha ha so if anyone can tell me please do!!! Thu, 06 Oct 2005 06:28:01 GMT https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643088#M809406 Adam Noble 2005-10-06T06:28:01Z https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643089#M809407 Adam,<BR /><BR />See the sections on setuid: Set user ID on file execution.<BR /><BR />Make the file owned by root with informix access to it by group and then chmod 4000 to give it setuid. It will run as root.<BR /><BR /><BR />Pete Thu, 06 Oct 2005 06:35:32 GMT https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643089#M809407 Pete Randall 2005-10-06T06:35:32Z https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643090#M809408 From the man page of chmod<BR /><BR />permission One or more of the following letters:<BR /><BR /> r Add or delete the read permission for who.<BR /> w Add or delete the write permission for who.<BR /> x Add or delete the execute file (search<BR /> directory) permission for who.<BR /> s Add or delete the set-owner-ID-on-file- execution or set-group-ID-on-file-execution permission for who. Useful only if u or g is expressed or implied in who.<BR /> Thu, 06 Oct 2005 06:36:02 GMT https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643090#M809408 Marco Santerre 2005-10-06T06:36:02Z https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643091#M809409 Ok chaps cheers! I'm afraid I've never really needed to do this previously so is new to me. I like a bit of Sarcasm anyway so cheers all!!! Thu, 06 Oct 2005 06:38:20 GMT https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643091#M809409 Adam Noble 2005-10-06T06:38:20Z https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643092#M809410 By default scripts will not have executiong permission. Check with ls -l <FILE>. Then change the execution permission with chmod command as,<BR /><BR /> chmod u+x <FILE> user permission<BR /> chmod g+x <FILE> group permission<BR /> chmod o+x <FILE> others permission<BR /><BR /> Or else you can execute as,<BR /><BR /> sh <FILENAME><BR /><BR />hth.<BR /></FILENAME></FILE></FILE></FILE></FILE> Thu, 06 Oct 2005 06:40:12 GMT https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643092#M809410 Muthukumar_5 2005-10-06T06:40:12Z https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643093#M809411 I think "sudo" will be better option. Thu, 06 Oct 2005 06:40:47 GMT https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643093#M809411 Vibhor Kumar Agarwal 2005-10-06T06:40:47Z https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643094#M809412 I hope i have partially read your question. sudo is suitable. You can use expect script which will do your requirement also.<BR /><BR />If you do normally as,<BR /><BR />$ su root<BR />Enter Passwd: <BR /><BR />with expect scripting it will give input by expecting Enter Passwd: strings.<BR /><BR />Another way is piping telnet login to localhost as simply as,<BR /><BR />(<BR /> sleep 1<BR /> echo "root"<BR /> sleep 1<BR /> echo "<PASSWD>"<BR /> sleep 1<BR /> echo "command to run"<BR /> sleep 1<BR /> echo "exit"<BR />) | telnet localhost<BR /><BR />change username of root and passwd accordingly to user.<BR /><BR />hth. <BR /></PASSWD> Thu, 06 Oct 2005 06:51:07 GMT https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643094#M809412 Muthukumar_5 2005-10-06T06:51:07Z https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643095#M809413 Hello all,<BR /><BR />Unless I'm mistaken, you can't set up a script as SUID. It is such a big security hole that they set it up so SUID is ignored on shell scripts. <BR /><BR />I think if you put a C wrapper around your script and set up SUID on that, it might work. <BR /><BR />Your best bet is sudo.<BR /><BR />David Thu, 06 Oct 2005 07:53:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643095#M809413 David Child_1 2005-10-06T07:53:37Z https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643096#M809414 Running a script as root is a common requirement but is an extreme risk to your system's stability and security. The reason is that even if you carefully write the script to prevent getting to a shell prompt, a user can gain unlimited root access. Yes, you can set the SUID bit on the script, change the ownership to root and the script will run as root. You can prevent SUID programs and scripts from running by adding the mount option: nosuid to selected mountpoints. DO NOT use nosuid on /, /usr, /opt since SUID is mandatory for many HP-UX programs. But directories that allow users to create files (/var, /home) should not allow SUID scripts and programs. Thu, 06 Oct 2005 08:07:43 GMT https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643096#M809414 Bill Hassell 2005-10-06T08:07:43Z https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643097#M809415 Would this make sense in your environment?<BR /><BR />Restrict the script to root only and place it in the root crontab. Set it to run hourly (or whatever makes sense)to look for a file trigger. If the trigger file exists, then the backup starts. The users can create the trigger file. If the users must supply options, then the option can be placed in (and read from) the trigger file. The file can be removed as part of the backup script.<BR /><BR />Using this technique allows you to maintain security. Fri, 07 Oct 2005 08:39:38 GMT https://community.hpe.com/t5/operating-system-hp-ux/ability-to-run-script-as-root/m-p/3643097#M809415 Steve McClendon_1 2005-10-07T08:39:38Z