Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!purdue!haven!adm!xadmx!danl@midget.towson.edu From: danl@midget.towson.edu Newsgroups: comp.unix.questions Subject: Re: Running processes as root Message-ID: <21240@adm.BRL.MIL> Date: 22 Oct 89 14:34:45 GMT Sender: news@adm.BRL.MIL Lines: 27 Jonathan Bayer writes: >The set-uid bit does not work for shell scripts. You will have to write >a small program (or grab one from the archives) that will then execute >the shell script. The program will be able to use the set-uid bit, and >the script that is run then will run as root. This is generally not >a good idea. All of the above is quite wrong. On all of the BSD derivatives I've used set-uid does work for shell scripts. True, it doesn't work on some AT&T derivatives and you will have to use the scheme described above - a compiled program run set-uid which exec's the appropriate shell with the script as an argument. In most cases, this is a very good idea, if not the only way to do some things. True, you must think ahead to restrict the user to executing only the script you've choosen (i.e. don't use more to display since they can then fork a shell as the super-user), and make sure that the user can't replace your program with his own. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Dan Gosner Internet: danl@midget.towson.edu Operations Manager DGosner@TOE.TOWSON.EDU Towson State University Bitnet: DGosner@TOWSONVX Academic Computing Towson, Maryland 21204 %% VMS pays the bills, but Unix is where my real work gets done. %% ***************************************************************************