Date: Tue, 11 Dec 2001 10:31:03 +0000 From: Rasputin <rasputin@submonkey.net> To: Sheldon Hearn <sheldonh@starjuice.net> Cc: security@freebsd.org Subject: Re: Accessing as root Message-ID: <20011211103103.A1668@shikima.mine.nu> In-Reply-To: <60409.1008000194@axl.seasidesoftware.co.za>; from sheldonh@starjuice.net on Mon, Dec 10, 2001 at 06:03:14PM %2B0200 References: <60355.1008000080@axl.seasidesoftware.co.za> <60409.1008000194@axl.seasidesoftware.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
* Sheldon Hearn <sheldonh@starjuice.net> [011210 16:05]: > > > On Mon, 10 Dec 2001 18:01:20 +0200, Sheldon Hearn wrote: > > > > I need to make some scripts to change the password and another > > > things like that need root permissions, but: > > > > > > How can I do it without opening a security hole in the server? > > > What is the best way to do it? > > > > 1) Limit exposure to just those commands that need privelege, by passing > > your command as arguments to the su(1) command. > > This is stupid advice, sorry. > > You need to make your script setuid root (see chmod(1)). Can you do that on FreeBSD? Most moderm UNIXes don't allow suid scripts. -- Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011211103103.A1668>