Xref: utzoo comp.unix.shell:908 comp.unix.ultrix:5340
Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!zaphod.mps.ohio-state.edu!van-bc!robinson
Newsgroups: comp.unix.shell,comp.unix.ultrix
Subject: Re: how to setuid for shell scripts on ultrix?
Message-ID: <1990Nov15.181448.23231@mdivax1.uucp>
Date: 15 Nov 90 18:14:48 GMT
References: <25009@adm.brl.mil>
Reply-To: mdivax1!robinson (Jim Robinson)
Organization: Mobile Data International, Richmond, B.C., Canada
Lines: 18
Return-Path:
Apparently-To: van-bc!rnews

In article <25009@adm.brl.mil> K390590%AEARN@pucc.princeton.edu (Steinparz Franz) writes:
>Could someone give me advice how to make a shell script which inherits
>its access rights from its owner as this is done by set uid for regular
>programs. Just setting the set uid bit via CHMOD 06xxx does not work
>on vax under ultrix.

I have always been under the impression that setuid shell scripts
intentionally do not work for BSD derived unixes in deference to
security considerations. However, our experience with ultrix 4.0
(and I believe 2.0) is that *if and only if* "#!/bin/some-shell" is
the first line of the script, then setuid will work for that script.

However, does this behaviour not violate the whole point of not
allowing setuid shell scripts - i.e., that they are a security risk?
And, if it was indeed the intention to allow setuid shell scripts,
why not go all the way and not require the leading "#!/bin/shell" as
is the case with System V?
--
Jim Robinson
{uunet,ubc-cs}!van-bc!mdivax1!robinson
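
As an added example (not part of the original post), a POSIX sh audit that lists setuid/setgid files whose first two bytes are "#!", which are the files the behaviour described above applies to. The function names and the fixture files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): find setuid/setgid files that are "#!" scripts.

# is_hashbang FILE: true when the first two bytes are 0x23 0x21 ("#!").
is_hashbang() {
    [ "$(od -An -tx1 -N2 "$1" 2>/dev/null | tr -d ' \n')" = "2321" ]
}

# audit_suid_scripts DIR...: print "<mode> <owner> <path> <first line>" per hit.
audit_suid_scripts() {
    for root in "$@"; do
        # -perm -4000 is setuid, -perm -2000 is setgid; -xdev stays on one filesystem.
        find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        while IFS= read -r f; do
            is_hashbang "$f" || continue   # compiled binaries are skipped
            meta=$(ls -ld "$f" | awk '{print $1, $3}')
            printf '%s %s %s\n' "$meta" "$f" "$(head -n 1 "$f" | cut -c1-80)"
        done
    done
}

# make_fixture: build three constructed sample files in a temp dir, print its path.
make_fixture() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\nid\n' > "$d/suid_script"    # setuid and "#!": reported
    printf '#!/bin/sh\nid\n' > "$d/plain_script"   # "#!" but no setuid bit
    printf 'id\n'            > "$d/suid_no_magic"  # setuid but no "#!" line
    chmod 4755 "$d/suid_script" "$d/suid_no_magic"
    chmod 755 "$d/plain_script"
    printf '%s\n' "$d"
}

# With arguments, audit those directories; with none, audit the constructed fixture.
if [ "$#" -gt 0 ]; then
    audit_suid_scripts "$@"
else
    fixture=$(make_fixture) || exit 1
    audit_suid_scripts "$fixture"
    rm -rf "$fixture"
fi
```

Paths containing newlines are not handled by the read loop.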