HPE Community
Operating System - HP-UX
1753642 Members
5062 Online
108798 Solutions
New Discussion юеВ

run script as root

 
SOLVED
Go to solution
Jim Mickens
Frequent Advisor

тАО08-20-2001 12:10 PM

тАО08-20-2001 12:10 PM

run script as root

I have a script that my users can use to move their completed job files to an online archive area for holding. We were having trouble with some of the files being moved due to priveleges, so I added a command to change the priv of all the files in the directory. Now the problem is not all the files belong to the same user, so unless the person running the script owns all the files, they can't change the priv. settings. Is there any way to set up the script so that it runs as if it was being run by root, but so that any user can run the script?
0 Kudos
Reply
11 REPLIES 11
Jerry Zhang
Frequent Advisor

тАО08-20-2001 12:24 PM

тАО08-20-2001 12:24 PM

Solution

Re: run script as root

You can use SUID on the script, so that any user can run it as the owner. For example,

# ll test
-rwxr-xr-x 1 root sys ... test

# chmod 4755 test
# ll test
-rwsr-xr-x 1 root sys ... test

Hope it helps.
Reply
Mladen Despic
Honored Contributor

тАО08-20-2001 12:28 PM

тАО08-20-2001 12:28 PM

Re: run script as root

Hi Jim,

If it is acceptable to your users, I would set up a cron job by root that would run your script at certain times on a regular basis.

Regards ... Mladen
0 Kudos
Reply
linuxfan
Honored Contributor

тАО08-20-2001 12:29 PM

тАО08-20-2001 12:29 PM

Re: run script as root

Hi Jim,

you can use "sudo". You can set it up such that regular users can run scripts/commands as other users/root without having suid/sgid scripts and also it logs all the commands run.

You can download the source from
ftp://ftp.courtesan.com/pub/sudo
or download sudo in swinstall format from
http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.2b1/

-HTH
Ramesh
They think they know but don't. At least I know I don't know - Socrates
0 Kudos
Reply
Jim Mickens
Frequent Advisor

тАО08-20-2001 12:32 PM

тАО08-20-2001 12:32 PM

Re: run script as root

The SUID did the trick. I think the script used to be that way, but somehow got turned off recently. My users started reporting that the script didn't work a couple of weeks ago. Lord knows how long it didn't work before they started telling me.

0 Kudos
Reply
Thierry Poels_1
Honored Contributor

тАО08-20-2001 12:33 PM

тАО08-20-2001 12:33 PM

Re: run script as root

hi,

chmod u+s has NO effect on shell scripts !!

so, other options:
- write a little C-program to do your stuff (possibly by only using host commands) and "chmod u+s" the executable file.
- use sudo
- launch the script from root's crontab every n minutes
- ...

good luck,
Thierry.
All unix flavours are exactly the same . . . . . . . . . . for end users anyway.
Reply
Deshpande Prashant
Honored Contributor

тАО08-20-2001 12:33 PM

тАО08-20-2001 12:33 PM

Re: run script as root

Hi
Try setting SUID bit on the script to be run as root or other user id.
-rws-r-xr-x 1 root users 18667 Aug 26 2000 check-lg-space.ksh
Everybody will be able to run above script as root.

-rws-r-xr-- 1 dmcapp1 users 18667 Aug 26 2000 start-dm-app.ksh
Members of users group will be able to run above script as user dmcapp1.


Prashant.
Take it as it comes.
Reply
Sridhar Bhaskarla
Honored Contributor

тАО08-20-2001 06:47 PM

тАО08-20-2001 06:47 PM

Re: run script as root

I wonder suid bit will work for the scripts. You can write a small c program and embed the script in it.

main ()
{
system ("your_script_name");
}

Compile and give suid to the executable.

SUID on script won't work.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Reply
Thierry Poels_1
Honored Contributor

тАО08-20-2001 11:02 PM

тАО08-20-2001 11:02 PM

Re: run script as root

hi,
however you can actually execute "chmod +s" on any file, and see its result with ll : "rws------" : a shell script will NOT be influenced by the set owner bit, it will still be executed by the executing user, not by the owner of the file. I agree with Sridhar on this.
regards,
Thierry.
All unix flavours are exactly the same . . . . . . . . . . for end users anyway.
Reply
Darrell Allen
Honored Contributor

тАО08-21-2001 06:43 AM

тАО08-21-2001 06:43 AM

Re: run script as root

First, be very careful with suid programs and scripts! They can work well but there's a number of security issues involved. If set up without locking down the perms on the files and directories involved, you could leave the system wide open for all kinds of mischievousness as well as for accidental mistakes by your users.

As others have said, suid on a script doesn't work (though I seen different results on different flavors of UNIX). I've included a C program you can modify to call a script and run it as root. The executable will need to be suid but the script itself could have 0 perms.

Also, notice I use setuid(0) within the program. That's because I've had some programs called from a script that didn't work without it even though the suid bit was on the executable.

Though I don't use this anymore, here's how I set it up:

Assuming mis group needs to run "script"

/var/adm/local 550 root:mis
/var/adm/local/src 000 root:sys
/var/adm/local/src/runner.c 000 root:sys
/var/adm/local/bin 010 root:mis
/var/adm/local/bin/runner 4010 root:mis
/var/adm/local/scripts 000 root:sys
/var/adm/local/scripts/script 000 root:sys

As always, use at your own risk.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.