- need to execute a script as root
07-28-2006 03:35 PM
I have a script that works if I run it as root but not as another user.
The real script actually runs on another server so a solution that would allow a non-root user on system1 to 'remsh -l root system2 script.sh' would be just as good.
Thanks
07-28-2006 03:47 PM
Solution
e.g.
chown root dangerous.sh
chmod 4550 dangerous.sh
You have to be very careful when such scripts are crafted because they are a security hole one could drive a truck through.
A much better alternative is to not set the setuid bit and let the script be run under sudo -- also sudo will automatically log the activity. You still need to be careful that no one can alter the script.
http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.8p9/
07-28-2006 05:09 PM
Re: need to execute a script as root
sudo is the good solution.
To download it:
from the Porting And Archive Centre for HP-UX
http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.8p9/
http://www.courtesan.com/sudo/download.html
Wikipedia:
http://en.wikipedia.org/wiki/Sudo
Sudo Manual:
http://www.courtesan.com/sudo/man/sudo.html
Sudo main page:
http://www.courtesan.com/sudo/
07-29-2006 12:51 AM
Re: need to execute a script as root
In addition to using 'sudo', in lieu of setting the setuid bit on a script, you can create a C wrapper that holds the setuid setting and simply 'exec's your script. This is safer than directly running setuid scripts.
In fact, on 11.23 you can control whether or not setuid scripts can be run at all. (Some flavors of Unix don't allow them under any conditions.)
By default on 11.23, the kernel parameter 'secure_sid_scripts' is set to one (1) which prevents simple setuid scripts from running. See here for more details:
http://docs.hp.com/en/B2355-60105/secure_sid_scripts.5.html
Regards!
...JRF...
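A sketch of the C wrapper approach described in the reply above, added here as an example and not code from any poster in this thread. It refuses to run the script unless it is a root-owned regular file that group and others cannot write, then execs it with a fixed environment. The script path, the /usr/bin/sh interpreter path and the helper name script_is_safe are assumptions.

```c
/* Added example: setuid-root wrapper that runs one fixed script. */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Assumption: hypothetical locations, compiled in, never read from argv or env. */
#define SCRIPT_PATH "/usr/local/sbin/dangerous.sh"
#define SHELL_PATH  "/usr/bin/sh"

/* Return 1 only if path is a regular file (not a symlink), owned by
 * `owner`, and not writable by group or others; otherwise return 0. */
int script_is_safe(const char *path, uid_t owner)
{
    struct stat st;
    if (lstat(path, &st) != 0) return 0;            /* missing or unreadable */
    if (!S_ISREG(st.st_mode)) return 0;             /* symlink, dir, device  */
    if (st.st_uid != owner) return 0;               /* someone else owns it  */
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return 0; /* others could alter it */
    return 1;
}

int main(void)
{
    /* Fixed environment: the caller's PATH, IFS, ENV and so on are dropped. */
    char *const clean_env[] = { "PATH=/usr/bin:/usr/sbin:/sbin", "IFS= \t\n", NULL };
    /* The caller's arguments are deliberately not passed through. */
    char *const args[] = { SHELL_PATH, SCRIPT_PATH, NULL };

    if (!script_is_safe(SCRIPT_PATH, 0)) {
        fprintf(stderr, "refusing to run %s: ownership or mode check failed\n", SCRIPT_PATH);
        return 1;
    }
    /* Set the real ids to the effective ones so the shell keeps the privilege. */
    if (setgid(getegid()) != 0 || setuid(geteuid()) != 0) {
        perror("setuid");
        return 1;
    }
    execve(SHELL_PATH, args, clean_env);
    perror("execve");   /* reached only if the exec failed */
    return 1;
}
```

The check does not cover the directories above the script; those also need to be writable only by root, or the file can be replaced between the check and the exec.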
07-29-2006 02:45 AM
Re: need to execute a script as root
I know this is a security hole. I need to run SAP's brbackup as the oracle user and I need the brbackup to call my script to create volume groups and such. As it is, brbackup was calling my script as the oracle user and that didn't work too well.