Date: Fri, 4 Jan 2002 19:33:18 +0100
From: Erik Trulsson
To: Dave Raven
Cc: freebsd-questions@FreeBSD.org
Subject: Re: More SUID questions.
Message-ID: <20020104183318.GA42631@student.uu.se>
In-Reply-To: <001801c1953b$80e0a6a0$3800a8c0@DAVE>

On Fri, Jan 04, 2002 at 06:18:50PM +0200, Dave Raven wrote:
> Hello all,
> I'm trying to get my sh script (with a goal of doing with perl) to run
> as root.
> I am probably doing it ALL wrong, but any help would be much
> appreciated.
> This is what I have so far:
>
> [root@order] ~ # uname -mrs
> FreeBSD 4.4-STABLE i386
> [root@order] ~ # cat test.sh
> #!/bin/sh -p
> whoami
> echo "testtest" > /root/foo
> [root@order] ~ # ls -l test.sh
> -rwsr-xr-x 1 root wheel 49 Jan 4 18:18 test.sh
> [root@order] ~ # su phoenix
> su-2.05$ ./test.sh
> phoenix
> ./test.sh: cannot create /root/foo: permission denied
>
> What is it I'm doing wrong?

Nothing.
You just can't do what you want. Due to security concerns FreeBSD does
not support setuid scripts. If it was supported the way you are doing it
would be correct.

One workaround is to write a small wrapper program in C (or some other
compiled language) which doesn't do anything except execute your script,
and then run this program setuid.

For perl you can compile a special setuid version of perl called suidperl
to run perl scripts setuid. For more information on this see the
ENABLE_SUIDPERL flag in make.conf(5) and also the perlsec(1) man-page.

-- 
Erik Trulsson
ertr1013@student.uu.se