Date: Mon, 10 Dec 2001 18:06:39 +0200 From: Peter Pentchev <roam@ringlet.net> To: Sheldon Hearn <sheldonh@starjuice.net> Cc: Ronan Lucio <ronan@melim.com.br>, security@freebsd.org Subject: Re: Accessing as root Message-ID: <20011210180639.J757@straylight.oblivion.bg> In-Reply-To: <60409.1008000194@axl.seasidesoftware.co.za>; from sheldonh@starjuice.net on Mon, Dec 10, 2001 at 06:03:14PM %2B0200 References: <60355.1008000080@axl.seasidesoftware.co.za> <60409.1008000194@axl.seasidesoftware.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Dec 10, 2001 at 06:03:14PM +0200, Sheldon Hearn wrote: > > > On Mon, 10 Dec 2001 18:01:20 +0200, Sheldon Hearn wrote: > > > > I need to make some scripts to change the password and another > > > things like that need root permissions, but: > > > > > > How can I do it without opening a security hole in the server? > > > What is the best way to do it? > > > > 1) Limit exposure to just those commands that need privelege, by passing > > your command as arguments to the su(1) command. > > This is stupid advice, sorry. > > You need to make your script setuid root (see chmod(1)). If the script > is big, or does complex input handling, consider breaking out the part > that needs privelege into its own smaller script, called by a wrapper > that does input sanity checking. > > Ultimately, you want to limit the privelege to as little work as > possible. And then, of course, there is the security/sudo port, which lets you specify which uid's are allowed to execute which commands as root or whatever other uid, with or without passwords, with or without controlling terminals. G'luck, Peter -- I am not the subject of this sentence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011210180639.J757>