Date: Sat, 29 Aug 2009 02:11:28 +0200 From: Polytropon <freebsd@edvax.de> To: Jeronimo Calvo <jeronimocalvop@googlemail.com> Cc: freebsd-questions@freebsd.org Subject: Re: SUID permission on Bash script Message-ID: <20090829021128.f4966942.freebsd@edvax.de> In-Reply-To: <beaf3aa50908280124pbd2c760v8d51eb4ae965dedc@mail.gmail.com> References: <beaf3aa50908280124pbd2c760v8d51eb4ae965dedc@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo <jeronimocalvop@googlemail.com> wrote: > content of script: > ]#!/usr/local/bin/bash ^ This ] doesn't belong to the script, does it? Furthermore, why do you employ bash for calling another program? It's standard to use sh (#!/bin/sh) if you don't use bash-specific commands and constructs, and I don't see them here. If you care for portablility, such a script is an absulute no-go. Furthermore, in order to perform shutdown -p now it's more convenient to use the sudo command (from ports) and add a rule (for maximum security) for the specific user who you want to be able to run this command. Finally, it's possible to place the user in question into the group "operator", then he can perform the above command without needing (1st) sudo and (2nd) bash. Look at the permissions of the shutdown program: -r-sr-x--- 1 root operator /sbin/shutdown* Members of "operator" are +x for this binary. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090829021128.f4966942.freebsd>