topic Re: interrupting a script run as root in Operating System - HP-UX

interrupting a script run as root

federico_3 — Thu, 07 Feb 2002 09:27:35 GMT

i have to run, as a normal user, a script with the root permission. How can i avoid to enter the root shell if interrupt the execution of the script ?

Thanks
Federico

Re: interrupting a script run as root

Deepak Extross — Thu, 07 Feb 2002 09:31:58 GMT

If the script is owned by root with su-id bit on, and others have only execute permission, I guess it should be OK.
Just be careful not to allow others write permission on the script!

Re: interrupting a script run as root

Steven Sim Kok Leong — Thu, 07 Feb 2002 09:54:27 GMT

Hi,

I use restricted SAM for such purposes. Easy menu-system for the user, let them execute with root privileges for restricted commands.

# sam -r

Hope this helps. Regards.

Steven Sim Kok Leong

Re: interrupting a script run as root

Darrell Allen — Thu, 07 Feb 2002 15:33:46 GMT

Hi Federico,

I believe that when the user breaks out of the script, he will be returned to his shell, not root's. However, it is good practice to use the trap statement in your shell scripts. For example:

trap "" 2

This tells the script to ignore signal 2, the interrupt or break signal. The effect is you can't break out of the script with CTRL-C.

man 1 kill for the most commonly used signals. kill -l (lowercase letter l) lists all signals. man sh-posix (or the other shells) for more info.

Darrell

Re: interrupting a script run as root

Bill Hassell — Fri, 08 Feb 2002 01:18:17 GMT

Actually, giving any script root SUID permission is a big security risk. It is much safer to write an executable to perform the task. Or to use sudo (freeware that can be downloaded).

For now, prevent interrupting the shell script the same way as /etc/profile does it:

trap "" 1 2 3

Make this the first statement after your shell script loader (ie, first line must be #!/usr/bin/sh). Note: every shell script should start with #!/usr/bin/shell_name

Re: interrupting a script run as root

Wodisch — Fri, 08 Feb 2002 07:43:21 GMT

Hello Frederic,

start the last command with "exec" - if that is aborted somehow, there will be no shell "left"...

Just my $0.02,
Wodisch

Re: interrupting a script run as root

ian Dennison — Fri, 08 Feb 2002 09:27:57 GMT

If this is a long-term requirement, wny not investigate 'sudo' (from the HP Porting Centre)? This gives the ability to grant root access for certain Users without compromising security.

Share and Enjoy! Ian