cancel
Showing results for 
Search instead for 
Did you mean: 

suid script help

 
SOLVED
Go to solution
Belinda Dermody
Super Advisor

Re: suid script help

Daniel, what I see I like, but I went to the GNU site and I couldn't find any reference for gdate and also the HP software site with no luck. Could you point me to where you got it from...
Jeff_Traigle
Honored Contributor

Re: suid script help

I saw the comment that you don't want to use sudo because the users would need to enter their password a second time, but didn't notice anyone addressing your point. What you stated is not necessarily true. There is an option when configuring a command or group that will allow the authorized users to execute the command with entering their password. Check out the sudo man page for the details. I don't remember the syntax off the top of my head, but I know this is possible.
--
Jeff Traigle
Highlighted
A. Daniel King_1
Super Advisor

Re: suid script help

Ah, sorry about the naming. "gdate" is GNU "date" part of the shell-utils (now part of coreutils). The prepending of the "g" is a fairly common practice, but it is not the default name. I've not used this particular package, preferring to compile my own. There seem to be some dependencies, which I donâ t recall needing for the run-time for gdate, though.

http://hpux.cs.utah.edu/hppd/hpux/Gnu/coreutils-5.2.1/

Theyâ ve also got sudo, which is fairly easy to use as well,

http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.8p9/

The syntax for the sudo config item without passwords is as follows (presuming your account is jmarrion):

jmarrion ALL = NOPASSWD: /usr/lbin/getprpw

or for a system group called â itrcâ :

%itrc ALL = NOPASSWD: /usr/lbin/getprpw

"visudo" is the configuration command for sudo.

WARNING: This does not limit the use of getprpw to the calling user, so users would be able to read information other than their own. Perhaps something would be better like:

jmarrion ALL = NOPASSWD: /usr/local/bin/getexptm

where getexptm is:

#!/usr/bin/ksh

/usr/lbin/getprpw $LOGNAME
Command-Line Junkie