Date: Fri, 4 Jan 2002 19:33:18 +0100 From: Erik Trulsson <ertr1013@student.uu.se> To: Dave Raven <dave@kill-9.za.net> Cc: freebsd-questions@FreeBSD.org Subject: Re: More SUID questions. Message-ID: <20020104183318.GA42631@student.uu.se> In-Reply-To: <001801c1953b$80e0a6a0$3800a8c0@DAVE> References: <001801c1953b$80e0a6a0$3800a8c0@DAVE>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 04, 2002 at 06:18:50PM +0200, Dave Raven wrote: > Hello all, > I'm trying to get my sh script (with a goal of doing with perl) to run > as root. > I am probably doing it ALL wrong, but any help would be much > appreciated. > This is what I have so far: > > [root@order] ~ # uname -mrs > FreeBSD 4.4-STABLE i386 > [root@order] ~ # cat test.sh > #!/bin/sh -p > whoami > echo "testtest" > /root/foo > [root@order] ~ # ls -l test.sh > -rwsr-xr-x 1 root wheel 49 Jan 4 18:18 test.sh > [root@order] ~ # su phoenix > su-2.05$ ./test.sh > phoenix > ./test.sh: cannot create /root/foo: permission denied > > What is it I'm doing wrong? Nothing. You just can't do what you want. Due to security concerns FreeBSD does not support setuid scripts. If it was supported the way you are doing it would be correct. One workaround is to write a small wrapper program in C (or some other compiled language) which doesn't do anything except execute your script, and then run this program setuid. For perl you can compile a special setuid version of perl called suidperl to run perl scripts setuid. For more information on this see the ENABLE_SUIDPERL flag in make.conf(5) and also the perlsec(1) man-page. -- <Insert your favourite quote here.> Erik Trulsson ertr1013@student.uu.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020104183318.GA42631>