Path: utzoo!attcan!uunet!lll-winken!ncis.llnl.gov!helios.ee.lbl.gov!pasteur!agate!bionet!csd4.milw.wisc.edu!mailrus!cornell!uw-beaver!rice!sun-spots-request
From: loki@physicsa.mcgill.ca (Loki Jorgenson Rm421)
Newsgroups: comp.sys.sun
Subject: suid doesn't work
Message-ID: <8901180148.AA03624@frodo.physicsa.mcgill.ca>
Date: 24 Jan 89 02:09:26 GMT
Sender: usenet@rice.edu
Organization: Sun-Spots
Lines: 27
Approved: Sun-Spots@rice.edu
Original-Date: Tue, 17 Jan 89 20:48:13 EST
X-Sun-Spots-Digest: Volume 7, Issue 117, message 2 of 18

On and off I have tried to get the suid bit of the file mode to function
properly. Typically, this has meant that I have set a root owned sh or
csh script file with the mode 4755 and tried to execute it as user. I am
aware of the limitations of using such a file from a NFS mounted
partition but this doesn't work even on the server. Before anyone
suggests it, I have specified the suid mount option on the partition and
remounted it. (By the by, it's a 3/180 running OS 3.5). Am I missing
something critical here?

Loki Jorgenson                  node:  loki@physicsa.mcgill.ca
Physics, McGill University      fax:   (514) 398-3733
Montreal Quebec CANADA          phone: (514) 398-6531

[[ From your message I gather that you are trying to make a shell script
run as a set-uid program. There are two ways in which a script gets
"executed". First, the shell checks to see if the system call "exec" can
successfully execute it. If it cannot, then the shell starts up a
sub-shell with the file as standard input. With this method, it is
impossible to have a script set-uid.

However, there is the second method. If the text file starts with the
two characters "#!", then the *kernel* takes the remainder of the line to
be the name of an interpretive program (it also allows one argument to be
passed---see the manual page for "execve(2)"). So if the first line in a
shell file is "#!/bin/sh" or "#!/bin/csh", then the file can actually be
executed like it was a binary executable (it will run when invoked with a
call to "exec"). Only this second form can be successfully set-uid.
--wnl ]]
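
The two cases in the moderator's note, as an added example that is not part of the original message or digest: a C sketch that reads the first line of a script the way the note describes and reports which path the file takes. The names parse_shebang, classify and the enum are hypothetical, treating everything after the interpreter name as the single argument is an assumption, and the set-uid outcome follows the note's description only.

```c
#include <stdio.h>
#include <string.h>

/* How a text file gets run, following the two cases in the note. */
enum script_path {
    SHELL_FALLBACK,     /* exec fails; a sub-shell reads the file, set-uid bit has no effect */
    KERNEL_INTERP,      /* "#!" line: the kernel starts the named interpreter */
    KERNEL_INTERP_SUID  /* as above, and the file mode has the set-uid bit (4xxx) */
};

static int is_blank(char c) { return c == ' ' || c == '\t'; }

/* Parse "#!interp [arg]" from the first line of buf.
 * Returns 1 and fills interp/arg (arg may be empty), or 0 if there is no usable "#!" line.
 * Assumption: the rest of the line after the interpreter is passed as ONE argument. */
int parse_shebang(const char *buf, size_t len, char *interp, size_t isz,
                  char *arg, size_t asz)
{
    size_t i = 2, end, n;
    interp[0] = arg[0] = '\0';
    if (len < 3 || buf[0] != '#' || buf[1] != '!') return 0;
    for (end = 2; end < len && buf[end] != '\n'; end++) ;
    while (end > i && is_blank(buf[end - 1])) end--;   /* trim trailing blanks */
    while (i < end && is_blank(buf[i])) i++;           /* blanks after "#!" */
    for (n = 0; i < end && !is_blank(buf[i]); i++) {
        if (n + 1 >= isz) return 0;                    /* interpreter name too long */
        interp[n++] = buf[i];
    }
    interp[n] = '\0';
    if (n == 0) return 0;                              /* "#!" with nothing after it */
    while (i < end && is_blank(buf[i])) i++;
    if (end - i >= asz) return 0;                      /* argument too long */
    memcpy(arg, buf + i, end - i);
    arg[end - i] = '\0';
    return 1;
}

/* mode is the file mode in octal, e.g. 04755 as in the question. */
enum script_path classify(const char *buf, size_t len, unsigned mode)
{
    char interp[256], arg[256];
    if (!parse_shebang(buf, len, interp, sizeof interp, arg, sizeof arg))
        return SHELL_FALLBACK;
    return (mode & 04000) ? KERNEL_INTERP_SUID : KERNEL_INTERP;
}

int main(void)
{
    const char *a = "#!/bin/sh\necho hi\n", *b = "echo hi\n"; /* constructed samples */
    printf("%d %d\n", classify(a, strlen(a), 04755), classify(b, strlen(b), 04755));
    return 0;
}
```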