Date: Mon, 4 Aug 1997 16:04:29 +0000 (GMT) From: "Jonathan A. Zdziarski" <jonz@netrail.net> To: FreeBSD Mailing List <freebsd@atipa.com> Cc: ports@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: SetUID Message-ID: <Pine.BSF.3.95q.970804160424.9678A-100000@netrail.net> In-Reply-To: <Pine.BSF.3.91.970804131806.8529A-100000@dot.ishiboo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Ah that explains it. Thanx ------------------------------------------------------------------------- Jonathan A. Zdziarski NetRail Incorporated Server Engineering Manager 230 Peachtree St. Suite 500 jonz@netrail.net Atlanta, GA 30303 http://www.netrail.net (888) - NETRAIL ------------------------------------------------------------------------- On Mon, 4 Aug 1997, FreeBSD Mailing List wrote: : :Johnathan, : :As far as I know, shell scripts can not bet setuid root. You would need :to setuid root all the binaries evoked from the shell, which is not a :great idea. : :You could instead write a setuid "wrapper" of some sort that runs a :shell script (or set of scripts), using c, c++, etc. : :Kevin : :On Mon, 4 Aug 1997, Jonathan A. Zdziarski wrote: : :> Not sure if this is the right forum for this but... :> :> I recently, in an attempt to make my FreeBSD a litle more system Vish :> like I'm used to, create a set of /sbin/init.d scripts to start and stop :> services, and wired this and rc3.d into /etc/rc. It works fine, but then :> I took it a step further, and made the noc-executable, and noc-setuid root :> so that anybody in the noc could restart them without having to be in sudo :> for it. For some odd reason (and this may just be a FreeBSD thing that :> I'm not used to), I get the error that the script doesn't have permission :> to kill the current running process (most which are running as root) even :> though it's setuid (I've tried setuid and setgid as well). Now I'm used :> to setuid programs running AS root - having basically superuser abilities, :> but that appears to be different here. Could someone explain to me how to :> set up a setuid program that acts like its a real setuid program (su) to :> do something like this? :> :> :> ------------------------------------------------------------------------- :> Jonathan A. Zdziarski NetRail Incorporated :> Server Engineering Manager 230 Peachtree St. Suite 500 :> jonz@netrail.net Atlanta, GA 30303 :> http://www.netrail.net (888) - NETRAIL :> ------------------------------------------------------------------------- :> :> :
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95q.970804160424.9678A-100000>