HPE Community
Operating System - HP-UX
1836650 Members
1850 Online
110102 Solutions
New Discussion

Ability to run script as root

 
SOLVED
Go to solution
Adam Noble
Super Advisor

‎10-05-2005 10:50 PM

‎10-05-2005 10:50 PM

Ability to run script as root

All,

I hope somebody can help. I have a requirement to be able to empower our dba's to run their own backup script as root. The script runs commands as a number of different users within the script and only runs succesfully as root. Is there anything I can set on the permissions to enable the oracle user to run the script effectively as root? Sticky bit rings a bell???

Cheers
0 Kudos
Reply
13 REPLIES 13
Pete Randall
Outstanding Contributor

‎10-05-2005 11:11 PM

‎10-05-2005 11:11 PM

Re: Ability to run script as root

"man chmod"


Pete

Pete
0 Kudos
Reply
Adam Noble
Super Advisor

‎10-05-2005 11:14 PM

‎10-05-2005 11:14 PM

Re: Ability to run script as root

Thanks Pete!
0 Kudos
Reply
Yogeeraj_1
Honored Contributor

‎10-05-2005 11:26 PM

‎10-05-2005 11:26 PM

Re: Ability to run script as root

hi,

have you considered also "sudo"?

regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
Reply
Adam Noble
Super Advisor

‎10-05-2005 11:28 PM

‎10-05-2005 11:28 PM

Re: Ability to run script as root

I'm still trying to find the answer in the man page of chmod....Ha ha so if anyone can tell me please do!!!
0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎10-05-2005 11:35 PM

‎10-05-2005 11:35 PM

Re: Ability to run script as root

Adam,

See the sections on setuid: Set user ID on file execution.

Make the file owned by root with informix access to it by group and then chmod 4000 to give it setuid. It will run as root.


Pete

Pete
Reply
Marco Santerre
Honored Contributor

‎10-05-2005 11:36 PM

‎10-05-2005 11:36 PM

Re: Ability to run script as root

From the man page of chmod

permission One or more of the following letters:

r Add or delete the read permission for who.
w Add or delete the write permission for who.
x Add or delete the execute file (search
directory) permission for who.
s Add or delete the set-owner-ID-on-file- execution or set-group-ID-on-file-execution permission for who. Useful only if u or g is expressed or implied in who.
Cooperation is doing with a smile what you have to do anyhow.
Reply
Adam Noble
Super Advisor

‎10-05-2005 11:38 PM

‎10-05-2005 11:38 PM

Re: Ability to run script as root

Ok chaps cheers! I'm afraid I've never really needed to do this previously so is new to me. I like a bit of Sarcasm anyway so cheers all!!!
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎10-05-2005 11:40 PM

‎10-05-2005 11:40 PM

Re: Ability to run script as root

By default scripts will not have executiong permission. Check with ls -l . Then change the execution permission with chmod command as,

chmod u+x user permission
chmod g+x group permission
chmod o+x others permission

Or else you can execute as,

sh

hth.
Easy to suggest when don't know about the problem!
0 Kudos
Reply
Vibhor Kumar Agarwal
Esteemed Contributor

‎10-05-2005 11:40 PM

‎10-05-2005 11:40 PM

Re: Ability to run script as root

I think "sudo" will be better option.
Vibhor Kumar Agarwal
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎10-05-2005 11:51 PM

‎10-05-2005 11:51 PM

Re: Ability to run script as root

I hope i have partially read your question. sudo is suitable. You can use expect script which will do your requirement also.

If you do normally as,

$ su root
Enter Passwd:

with expect scripting it will give input by expecting Enter Passwd: strings.

Another way is piping telnet login to localhost as simply as,

(
sleep 1
echo "root"
sleep 1
echo ""
sleep 1
echo "command to run"
sleep 1
echo "exit"
) | telnet localhost

change username of root and passwd accordingly to user.

hth.
Easy to suggest when don't know about the problem!
Reply
David Child_1
Honored Contributor

‎10-06-2005 12:53 AM

‎10-06-2005 12:53 AM

Solution

Re: Ability to run script as root

Hello all,

Unless I'm mistaken, you can't set up a script as SUID. It is such a big security hole that they set it up so SUID is ignored on shell scripts.

I think if you put a C wrapper around your script and set up SUID on that, it might work.

Your best bet is sudo.

David
Reply
Bill Hassell
Honored Contributor

‎10-06-2005 01:07 AM

‎10-06-2005 01:07 AM

Re: Ability to run script as root

Running a script as root is a common requirement but is an extreme risk to your system's stability and security. The reason is that even if you carefully write the script to prevent getting to a shell prompt, a user can gain unlimited root access. Yes, you can set the SUID bit on the script, change the ownership to root and the script will run as root. You can prevent SUID programs and scripts from running by adding the mount option: nosuid to selected mountpoints. DO NOT use nosuid on /, /usr, /opt since SUID is mandatory for many HP-UX programs. But directories that allow users to create files (/var, /home) should not allow SUID scripts and programs.


Bill Hassell, sysadmin
Reply
Steve McClendon_1
Advisor

‎10-07-2005 01:39 AM

‎10-07-2005 01:39 AM

Re: Ability to run script as root

Would this make sense in your environment?

Restrict the script to root only and place it in the root crontab. Set it to run hourly (or whatever makes sense)to look for a file trigger. If the trigger file exists, then the backup starts. The users can create the trigger file. If the users must supply options, then the option can be placed in (and read from) the trigger file. The file can be removed as part of the backup script.

Using this technique allows you to maintain security.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.