HPE Community
Operating System - HP-UX
1820733 Members
3198 Online
109627 Solutions
New Discussion юеВ

Re: setuid to run as root

 
SOLVED
Go to solution
Rosli Ahmad
Frequent Advisor

тАО11-03-2004 07:46 PM

тАО11-03-2004 07:46 PM

setuid to run as root

Hi,
I need to create a shell script to list file owned by certain retired users and chown them for certain audit requirement. This script need to be run as root because I need to find in all avail filesystems.
I was told to use 'setuid' to run as root, but didn't get the right result even after setting the file permission to 4755.
Pls. advise on the correct way to set this up. Thanks.
0 Kudos
Reply
5 REPLIES 5
Sridhar Bhaskarla
Honored Contributor

тАО11-03-2004 07:51 PM

тАО11-03-2004 07:51 PM

Re: setuid to run as root

Hi,

Try without 'read' permissions for others. 'chmod 4511 file'. It's not a good idea to keep suid files around. Having suid files is one of the major security threats. Create a group with all the required users, change the group ownership of that file to the group and give only execute permission 'chmod 4510 file' to make little safer.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Fred Ruffet
Honored Contributor

тАО11-03-2004 08:07 PM

тАО11-03-2004 08:07 PM

Re: setuid to run as root

"chmod 4511 file" may not work. You cannot execute a shell script without reading it. Note that you may not set a setuid bit on a script.

A better way is to write a little wrapper. Write a little C program wich does a "system('your shell script')". Compile and set mod to 4555. This will do the trick.

Regards,

Fred
--

"Reality is just a point of view." (P. K. D.)
Reply
Victor BERRIDGE
Honored Contributor

тАО11-03-2004 08:09 PM

тАО11-03-2004 08:09 PM

Re: setuid to run as root

Hi,
As mentionned this is a security breach, install sudo:
http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.7p5/

And configure so that the user executes the script as root.
the syntax would then be sudo (or sudo -u root...)

All the best
Victor
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

тАО11-04-2004 03:54 AM

тАО11-04-2004 03:54 AM

Solution

Re: setuid to run as root

Hi,

"chmod 4511" works well. But you need to ensure is that the script should have comment interpreter (for ex., #!/usr/bin/ksh). For ex.,

#cat sri.sh
/usr/sbin/ioscan -fnC tape
$ll sri.sh
-r-s--x--x 1 root sys 17 Nov 4 10:49 sri.sh
$./sri.sh
ksh: ./sri.sh: cannot open
#vi sri.sh
#cat sri.sh
#!/usr/bin/ksh
/usr/sbin/ioscan -fnC tape
$./sri.sh
Class I H/W Path Driver S/W State H/W Type Description
=====================================================================
tape 0 0/0/1/0.3.0 stape CLAIMED DEVICE HP C1537A
/dev/rmt/0m /dev/rmt/c0t3d0BESTn
/dev/rmt/0mb ....


Still, I wouldn't suggest you use setuid scripts/programs. For only one script, even sudo may not be required. YOu can setup customized and restricted SAM for it.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Reply
Fred Ruffet
Honored Contributor

тАО11-04-2004 04:08 AM

тАО11-04-2004 04:08 AM

Re: setuid to run as root

Sridar,

I learned Linux before Unix, and on a Linux box :
$ ll frutst.sh
-r-s--x--x 1 root root 21 nov 4 18:06 frutst.sh
$ cat frutst.sh
cat: frutst.sh: Permission non accord├Г┬йe
$ /frutst.sh
/frutst.sh: /frutst.sh: Permission non accord├Г┬йe
$ su -
Password:
# cat /frutst.sh
#!/bin/sh
ls /root

Regards,

F
--

"Reality is just a point of view." (P. K. D.)
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.