Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!mcsun!cernvax!cernapo.cern.ch!rtb
From: rtb@cernapo.cern.ch (Rainer Tobbicke)
Newsgroups: comp.sys.apollo
Subject: Re: Problem with setuid shell scripts under Aegis
Message-ID: <rtb.672839570@cernapo.cern.ch>
Date: 28 Apr 91 11:52:50 GMT
References: <1991Apr26.220353.22998@thunder.mcrcim.mcgill.edu>
Sender: news@cernvax.cern.ch
Lines: 24

panisset@thunder.mcrcim.mcgill.edu (Jean-Francois Panisset ) writes:

>Here is a question from an Aegis novice: I am trying to create scripts
>which are to run setuid to root, and things are not working (we are 

>5. Set the setuid bit on for root_script:
>edacl root_script -setuid on

>Error: no rights to change acl - "lock_dir"

It is not clear to me which shell you use, probably /com/sh since
you seem to prefer the Aegis version of the acl handling commands.
But it seems that you run into the same problem you would have using
the chacl command: the -s option (-setuid on in your case) changes the
effective userid. Your script would have to set the real userid, like a
setuid program does, i.e. setuid(geteuid()). I'm not aware of a shell that
does that (although the story sounds familiar since the suid_exec 'scandal'
last year, and I vaguely remember that having something to do with ksh).

--
Rainer Toebbicke       
European Organisation for Nuclear Research (CERN)
Geneva, Switzerland
rtb@cernapo.cern.ch, rtb@cernvm.cern.ch