Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!cuae2!ihnp4!houxm!mtuxo!mtune!akgua!codas!peora!ucf-cs!novavax!houligan!dave@murphy.UUCP
From: dave@murphy.UUCP
Newsgroups: comp.unix.questions
Subject: Re: setuid shell scripts
Message-ID: <13@houligan.UUCP>
Date: Tue, 25-Nov-86 13:30:56 EST
Article-I.D.: houligan.13
Posted: Tue Nov 25 13:30:56 1986
Date-Received: Fri, 28-Nov-86 07:14:28 EST
Organization: Gould Electronics, Ft. Lauderdale, Florida.
Lines: 34

It works on BSD4.2 and 4.3 systems.  I'm pretty sure it does not work on V7
and SysIII; I can't say for SysV or any other variations.  But, for BSD
systems, you can put the setuid bit on a shell script and it will work as
you expect -- provided that you remember to put an interpreter-specifier
line at the beginning of the script, such as:

    #!/bin/csh

or

    #!/bin/sh

to specify which shell to run to execute the script.

Use of this feature poses a number of security problems, since shell
scripts aren't usually written with security in mind.  You'll have to
evaluate the risks and benefits for your installation; keep in mind, though,
that even if all of your users are trusted, it's awfully easy to wipe out an
entire system with a faulty shell script running under root, so test your
scripts carefully before installing them with the setuid bit turned on.  At
the least, you should reset $PATH at the beginning of the script so that it
contains only trusted directories (and definitely *not* "."!).

---
It's been said by many a wise philosopher that when you die and your soul
goes to its final resting place, it has to make a connection in Atlanta.

Dave Cornutt, Gould Computer Systems, Ft. Lauderdale, FL
UUCP: ...{sun,pur-ee,brl-bmd}!gould!dcornutt
  or  ...!ucf-cs!novavax!houligan!dcornutt
ARPA: wait a minute, I've almost got it...

"The opinions expressed herein are not necessarily those of my employer,
not necessarily mine, and probably not necessary."
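
The PATH reset advised in the post above, written out as an added example (it is not part of the original post). The function name path_is_trusted, the directory list /bin:/usr/bin, and the rule that a group- or world-writable directory counts as untrusted are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: PATH hygiene at the top of a script that runs with privilege.

# path_is_trusted PATHSTRING
# Succeeds only if every entry is an absolute, existing directory that is
# not writable by group or other. Prints the reason for the first failure.
# The body is a subshell, so the IFS and 'set -f' changes do not leak out.
path_is_trusted() (
    # A leading, trailing or doubled ':' is an empty entry, which the shell
    # searches as the current directory, exactly like ".".
    case ":$1:" in
        *::*) echo "empty entry (searches the current directory)"; exit 1 ;;
    esac
    IFS=:
    set -f                          # no glob expansion while splitting
    for dir in $1; do
        case $dir in
            /*) ;;                  # absolute: keep checking
            *)  echo "relative entry: $dir"; exit 1 ;;   # catches "." too
        esac
        [ -d "$dir" ] || { echo "not a directory: $dir"; exit 1; }
        # -L follows symlinks such as /bin -> usr/bin; the mode string is
        # d rwx rwx rwx, so column 6 is group write and column 9 other write.
        case $(ls -ldL "$dir") in
            d????w*|d???????w*) echo "group/world-writable: $dir"; exit 1 ;;
        esac
    done
    exit 0
)

# In the privileged script itself: replace (never extend) the inherited
# PATH before running any other command, then refuse to continue if the
# result is not trustworthy. The directory list is an assumption.
PATH=/bin:/usr/bin
export PATH
reason=$(path_is_trusted "$PATH") || {
    echo "refusing to run, unsafe PATH: $reason" >&2
    exit 1
}
```

The check covers only the PATH entries themselves, not their parent directories or the other inherited environment variables a privileged script may depend on.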