suid bit not working

Hi all,

I am working on a simple script that does some network configuration. It
needs to run as root for the calls to ifconfig and route to work, but I
want it to be executed by an ordinary user (customer).
The script is made suid and owned by root:
-rsrwsr-x 1 root root 770 Jun 14 15:24 changeip
when the script is executed as normal user I get error messages like:
ifconfig: SIOCDIFADDRL Operation not permitted
and
writing to routing socket: Permission denied
The script starts with the line
#!/bin/sh
/bin/sh is a link to /bin/ksh
The os is nto 6.2.1

Thanks,
Pim

“Consequences, Schmonsequences, as long as I’m rich.”
– “Ali Baba Bunny” [1957, Chuck Jones]

The SUID bit does not work on scripts. This is a deliberate feature
present on all unixes. If you really need to do this, you should write
a small wrapper program which can be made suid and use it to execute a
script which has been made unreadable except for root. This way you can
take extra care to make sure that you are running both the proper script
AND the proper shell.

cheers,

Kris

Pim Bollen wrote:

> Hi all,
>
> I am working on a simple script that does some network configuration. It
> needs to run as root for the calls to ifconfig and route to work, but I
> want it to be executed by an ordinary user (customer).
> The script is made suid and owned by root:
> -rsrwsr-x 1 root root 770 Jun 14 15:24 changeip
> when the script is executed as normal user I get error messages like:
> ifconfig: SIOCDIFADDRL Operation not permitted
> and
> writing to routing socket: Permission denied
> The script starts with the line
> #!/bin/sh
> /bin/sh is a link to /bin/ksh
> The os is nto 6.2.1
>
> Thanks,
> Pim

Note that in this context “all unixes” does not include QNX4 (i.e. this
“feature” used to work on QNX4).

And depending on your requirements, you might find “sudo” a useful tool to
use rather than having to roll your own wrapper program. sudo lets you
allow specific users to execute specific programs as root and syslogs
everything (among other useful features). IIRC sudo builds “out of the box”
for NTO (and I forget whether it is on the 3rd party CD - it should be if
it isn’t).

Rob Rutherford

On Mon, 14 Jun 2004 10:29:33 -0400, Kris Warkentin wrote:

> The SUID bit does not work on scripts. This is a deliberate feature
> present on all unixes. If you really need to do this, you should write
> a small wrapper program which can be made suid and use it to execute a
> script which has been made unreadable except for root. This way you can
> take extra care to make sure that you are running both the proper script
> AND the proper shell.
>
> cheers,
>
> Kris
