Operating System - HP-UX

Assign root privileges to an other user

 
SOLVED
Sergio Tancredi
Occasional Advisor


Hi,
I need to assign the permission of execution of one shell script to only one user (beyond root).
The owner of this shell script is root.
This script executes various commands (it kills processes of which the owner is root, it changes the permissions of some files of which he is not owner, etc.).
I've tried with the command 'chmod +s myscript' but it has not worked.
Some errors:
chmod: Not owner
kill: PID: permission denied

Notes: I can't use "sudo" (It's not supported by HP)!!!

Thanks in advance,
Sergio

Thierry Poels_1
Honored Contributor

Re: Assign root privileges to an other user

Hi,
chmod +s is only valid for executables.
You could indeed use sudo,
or you can write & compile a little C-script which simply executes your shell script, and then chmod +s the C-executable.
good luck,
Thierry.
All unix flavours are exactly the same . . . . . . . . . . for end users anyway.
Steffi Jones_1
Esteemed Contributor

Re: Assign root privileges to an other user

Hello,

I can think of one other way besides sudo (even though I think that sudo would do great because it gives you a monitoring feature as well).

Start restricted sam and set it up through sam.
Restricted sam is started with

#sam -r

Steffi Jones
Kevin Wright
Honored Contributor

Re: Assign root privileges to an other user

You need to be the owner of the file to do a chmod. If the file is owned by root, which I assume it is, then become root and do a chmod 4755. This will set the SETUID bit, and whoever executes this command will cause it to run as if root ran it, just like the passwd command. Make sure that nobody else can write to this file, and the script should work.
Also, chmod u+s file will work.
Thierry Poels_1
Honored Contributor

Re: Assign root privileges to an other user

Kevin, Sergio is referring to a shell script. Shell scripts cannot have the sticky bit set.
All unix flavours are exactly the same . . . . . . . . . . for end users anyway.
Piotr Bronisz
Occasional Advisor

Re: Assign root privileges to an other user

Hi,
I do not agree with Thierry Poels.
chmod +s is valid for scripts also.
You have to insert the first line:
#!/usr/bin/sh
and suid works.
Piotr
Joseph A Benaiah_1
Regular Advisor

Re: Assign root privileges to an other user

I just thought that I would add my few pennies to this. In addition to ensuring that the suid is set, i.e. 4755, the script needs to be owned by root. This executes all commands with an euid of 0 when the script is run.

In general, suid scripts and programs do represent a security risk. I myself only use the root suid on programs written in C if absolutely necessary.

Cheers,

Joseph.
Ed Ulfers
Frequent Advisor

Re: Assign root privileges to an other user

I have taken a slightly different approach to solving this problem in our environment, and this works:

Create a new group whose only member is this userid you want empowered. (Alternatively, I use the built-in group "adm" for administration purposes)

chown root:
chmod 4750
This allows members of this restricted group to execute the script which runs as root (from the sticky bit).

I use it for one of my applications that opens a port and needs root ownership when running.

Hope this helps...
Ed Ulfers
Put a smile on your users face, offer them a kiss (Hershey's Kiss).
Sergio Tancredi
Occasional Advisor

Re: Assign root privileges to an other user

Hi All,

I have tried with sam -r but I would prefer that the user in issue assumes root privileges only during the execution of the shell-script.

The better thing could be the C-script.
Could you give me more details about this?

Thanks to everyone,
Sergio
Manuel Plaza
Regular Advisor

Re: Assign root privileges to an other user

Hi Sergio,

I am using sudo with HP-UX 10.20 and 11.0 and it's OK. I think that this is a very good solution.

Regards,

Manuel
Shannon Petry
Honored Contributor

Re: Assign root privileges to an other user

Well, other than C-Shell there is really no such thing as C-Script! C-Shell is not too much different than Bourne or Korn shell!

What was being referred to is a C Program. It is relatively easy to use the system() in C to call a standard command. It gets a bit more complex to have this program and what it runs to run as root.

C executes very fast, and has the ability to control all aspects of the environment it is running in. You also have security in the fact that unless you give away your source code, no one can see what is going on. Unlike a script where a user has to have read access. A smart user could potentially use this to do lots of damage to your system!

If you're not familiar with Unix C programming, then this will not be easy. If you have no C experience/knowledge at all, then you're pretty much SOL cuz it will not be quick and dirty to learn.

Advice. Take C class, then Unix C programming. HP has some nice classes for this, as do lots of Universities.

If you need quick answers, then stick with the scripting for now and follow the advice of others. Or hire a consultant/developer to make the program for you.

Regards,
Shannon
Microsoft. When do you want a virus today?
Thierry Poels_1
Honored Contributor
Solution

Re: Assign root privileges to an other user

okay, a little bit more detail :

create a file prog.c with the following 4 lines:
main()
{
system("/your/dir/yourscript.sh");
}

then compile this little C-program:
cc prog.c

this results in an executable file a.out which you might want to rename to whatever ...
mv a.out whatever
chmod +x whatever # make it executable
chmod +s whatever # set sticky bit

Now let the user execute "whatever", and he will run "yourscript.sh" as root.
(and also award some points to the boys here ;)
good luck,
Thierry.
All unix flavours are exactly the same . . . . . . . . . . for end users anyway.
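
A hardened variant of the wrapper described above, as an added example that is not part of the original post: it checks who is calling, refuses to run a script that anyone but root could modify, and replaces system() with execve() and a fixed environment. ALLOWED_UID and the PATH value are assumptions; the script path is the placeholder used in the thread.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define SCRIPT      "/your/dir/yourscript.sh"  /* placeholder path from the thread */
#define ALLOWED_UID ((uid_t)1001)              /* hypothetical: the one permitted user */

/* Only the designated user (or root itself) may use the wrapper. */
int caller_allowed(uid_t real_uid) {
    return real_uid == 0 || real_uid == ALLOWED_UID;
}

/* The script must be a regular file, owned by root, and not writable by
 * group or others; otherwise whoever can edit it effectively has root. */
int script_attrs_safe(mode_t mode, uid_t owner) {
    return S_ISREG(mode) && owner == 0 && (mode & (S_IWGRP | S_IWOTH)) == 0;
}

int main(void) {
    struct stat st;
    /* Fixed, minimal environment: the caller's PATH, ENV, etc. are dropped. */
    char *envp[] = { "PATH=/usr/bin:/usr/sbin", NULL };
    char *args[] = { "/usr/bin/sh", SCRIPT, NULL };

    if (!caller_allowed(getuid())) {
        fprintf(stderr, "not permitted\n");
        return 1;
    }
    if (stat(SCRIPT, &st) != 0 || !script_attrs_safe(st.st_mode, st.st_uid)) {
        fprintf(stderr, "%s: missing or unsafe ownership/permissions\n", SCRIPT);
        return 1;
    }
    /* Set real, effective and saved uid to root so the shell does not see
     * a real/effective uid mismatch. Requires the setuid-root bit. */
    if (setuid(0) != 0) {
        perror("setuid");
        return 1;
    }
    /* Explicit interpreter and argument vector: no command string is
     * parsed by a shell, unlike system(). Caller arguments are ignored. */
    execve(args[0], args, envp);
    perror("execve");
    return 1;
}
```

Install the binary owned by root with mode 4750 and a group containing only the permitted user, as in the group-based reply earlier in the thread. Every directory on the path to the script must also be writable only by root.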
Sergio Tancredi
Occasional Advisor

Re: Assign root privileges to an other user

Thanks to everyone for any help.
My problem is now resolved !!!
:-)))

Sergio