[H-GEN] Script for Arson?
ben.carlyle at invensys.com
ben.carlyle at invensys.com
Wed Apr 23 23:38:53 EDT 2003
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
Paul Gearon <pag at PISoftware.com>
Sent by: Majordomo <majordom at caliburn.humbug.org.au>
24/04/03 13:10
Please respond to general
To: general at lists.humbug.org.au
cc:
Subject: Re: [H-GEN] Script for Arson?
> > is there a shell script I can write to do this?, I tried using su but
it
> > doesnt seem to allow you to login with a password from the script, I
> > realise it's a bad idea having the root password in a plain text file
> > but what other option do I have?
> You definately NEVER want this! It's a really bad idea! :-)
> In such a situation just create yourself a root-owned script with all
the
> "write" permission bits turned off, and the setuid bit turned on. When
> the script is run the process will have root permissions.
Many unices don't permit scripts to use the setuid bit. I believe linux is
one of them. Alternate approaches include executing the script with sudo
or su -c. Another common approach is to create an executable who's sole
purpose is to run the script within a setuid environment. Sudo and su -c
are better approaches, methinks... :) sudo has the advantage that a user
can use his or her own password to spark the execution whereas the su -c
requires the user to know the root password. You already covered what may
be the best approach in this case, which is to include the user in an
appropriate group for access to the device.
Benjamin.
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
More information about the General
mailing list