Date: Fri, 19 Feb 2016 22:11:11 +0100 From: Polytropon <freebsd@edvax.de> To: Arthur Chance <freebsd@qeng-ho.org> Cc: freebsd-questions@freebsd.org Subject: Re: minimize use of root account Message-ID: <20160219221111.5ead3364.freebsd@edvax.de> In-Reply-To: <56C72C45.2050606@qeng-ho.org> References: <CACo--mv9qU2ZwtTuZRQBpioEr%2BenT=sd-SJ79BFumZt5aL18jg@mail.gmail.com> <20160219120503.fc97ef10.freebsd@edvax.de> <56C72C45.2050606@qeng-ho.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 19 Feb 2016 14:52:53 +0000, Arthur Chance wrote: > On 19/02/2016 11:05, Polytropon wrote: > > On Fri, 19 Feb 2016 16:29:43 +1100, Yudi V wrote: > >> Hi all, > >> > >> currently I use the below script to load geli devices and import zpool. It > >> needs to be run as root. > >> how to run this script as normal user, is there a group that the user needs > >> to be part of? > > > > No, not for this task. > > > > There are different ways to do it. > > > > 1. You can set the script itself to "run as root" (chmod +s) when > > the script is owned by root:root. Regular users may then execute it. > > I thought suid scripts were disabled years ago because they were a major > security loophole? You're right - it's the case. % ll root_test.sh -rwsr-sr-x 1 poly poly 24 2016-02-19 19:25:20 root_test.sh* % cat root_test.sh #!/bin/sh id -u whoami % ./root_test.sh 2000 poly % sudo ./root_test.sh 0 root I think this is fully intended. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160219221111.5ead3364.freebsd>