HPE Community
Operating System - HP-UX
1847329 Members
2288 Online
110264 Solutions
New Discussion

Giving a script root access

 
SOLVED
Go to solution
Ullrich Rieger
Occasional Contributor

‎10-06-2000 07:19 AM

‎10-06-2000 07:19 AM

Giving a script root access

I created a script, containing the statement
chown user myfile
to change the owner of a file that I am not owner of. I set the s-bit of the script file and tried to execute the script as an ordinary user. I got the messsage:
myfile: not owner

setting the s-bit of a chown works fine.
What's wrong?
0 Kudos
Reply
4 REPLIES 4
John Palmer
Honored Contributor

‎10-06-2000 07:21 AM

‎10-06-2000 07:21 AM

Solution

Re: Giving a script root access

Is the first line of your script:-

#!/usr/bin/sh
or
#!/usr/bin/ksh

This is required to get setuid to work with a script. Test it by getting the script to execute 'id'.

Regards,
John
Reply
James R. Ferguson
Acclaimed Contributor

‎10-06-2000 07:40 AM

‎10-06-2000 07:40 AM

Re: Giving a script root access

Hi:

For what it's worth, here's two comments.

Of course, remember the dangers associated with suid scripts. You'll certainly be asked to explain where and why you have them by an auditor.

Also, depending on the commands you are using within your scirpt, you'll probably need/want to to specify absolute paths. Root's default PATH includes /usr/sbin where common user's don't (and don't need to).

...JRF...
0 Kudos
Reply
Alan Riggs
Honored Contributor

‎10-06-2000 12:33 PM

‎10-06-2000 12:33 PM

Re: Giving a script root access

Also -- please remember to trap escape sequences in your script. You do not want to allow a user to gain a root shell simply by hitting CTRL-c.
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎10-06-2000 09:33 PM

‎10-06-2000 09:33 PM

Re: Giving a script root access

To reiterate the issues about security: set user-ID scripts for root access are the worst security hole you can provide. It is quite easy to subvert a script by interrupting it or change the environment in which it runs to gain super user privileges.

Strongly reconsider the use of scripts and instead, write a program with appropriate precautions. Executables are much more secure in a suid application.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.