From owner-freebsd-questions  Sat Apr  8 12:56:46 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207])
	by hub.freebsd.org (Postfix) with ESMTP id D40E537B526
	for <freebsd-questions@FreeBSD.ORG>; Sat,  8 Apr 2000 12:56:43 -0700 (PDT)
	(envelope-from cjc@cc942873-a.ewndsr1.nj.home.com)
Received: (from cjc@localhost)
	by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id PAA20590;
	Sat, 8 Apr 2000 15:56:39 -0400 (EDT)
	(envelope-from cjc)
Date: Sat, 8 Apr 2000 15:56:38 -0400
From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To: cache manager <cache@scnc.jps.k12.mi.us>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: group rights
Message-ID: <20000408155638.B14643@cc942873-a.ewndsr1.nj.home.com>
Reply-To: cjclark@home.com
References: <Pine.BSF.4.10.10004081426430.90698-100000@scnc.jps.k12.mi.us>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <Pine.BSF.4.10.10004081426430.90698-100000@scnc.jps.k12.mi.us>; from cache@scnc.jps.k12.mi.us on Sat, Apr 08, 2000 at 02:38:02PM -0400
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, Apr 08, 2000 at 02:38:02PM -0400, cache manager wrote:
> My problem is this : I want to allow a user to execute
> a file normally owned by root. I hope to have the user do all this from
> a shell batch file.
> I want them to be able to restart squid after they have changed a config
> file. I have created a group localadmins and added the user to the group
> localadmins I then chown :localadmins squid
> and now the group localadmins own squid. When I log on as this user and
> try to restart squid it fails I have fooled around with permissions even
> assigned 777 to squid with no luck.  
> Any suggestions would be helpfull I have searched the archives and man
> group. What am I missing?

A setuid bit? See 'man chmod' and look at '4000' in the MODES
section.

You run root owned binaries all of the time, ls, more, rm, etc. Pretty
much all of the system binaries are root owned. This gives no special
permissions to the user executing them.

I think the permissions and ownership you are looking for on your
squid start-up script are,

  # chown root:localadmins squid
  # chmod 4750 squid

-- 
Crist J. Clark                           cjclark@home.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message