[TriLUG] running script as mail alias, script running as specific user

Matthew Hoover matth at haht.com
Tue Jan 15 15:20:59 EST 2002


> suid bit is ignored for scripts by design, I think
>
> I think I once accomplished this by using #!/bin/su -someargs
> But this would only work if the originating user was root.
>
> Or you could wrap the script with another script that says
> su user -c "/usr/.../thetrees"
> Again this would require the originating user to be root.

Another thing that you could try is to create a link to the shell executable,
and then suid the link.  Then instead of directly calling the script, call the
shell (via the link), with the script as an argument.  Since the permissions
are stored on the link, not on the shell, this should not cause problems for
other users of the shell.  There are some obvious security issues that will
have to be dealt with, but by placing the link to the shell in a directory
with very limited access, you should be able to block people from
accessing it.

Of course, I haven't tried this, but it would be interesting to see if it
works.  If only I had more time....;-)
--matt hoover
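
A quick check of where the setuid bit ends up when `chmod u+s` is applied through a link, added here as an example and not part of the original message. It assumes a constructed stand-in file (`fake_shell`, a hypothetical name) in a temporary directory instead of a real shell, so nothing runs with elevated privileges.

```shell
#!/bin/sh
# Added example: where does the setuid bit land when chmod goes through a link?
# Uses a constructed stand-in file owned by the current user, never a real shell.

# Print "set" or "clear" for the setuid bit as seen through the given path.
suid_state() {
    if [ -u "$1" ]; then echo set; else echo clear; fi
}

# Create the stand-in, link to it (kind = hard | sym), run chmod u+s on the
# LINK, then report the setuid state of the ORIGINAL path.
original_after_chmod_on_link() {
    kind=$1
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\n' > "$dir/fake_shell"
    chmod 755 "$dir/fake_shell"
    case $kind in
        hard) ln "$dir/fake_shell" "$dir/link" ;;     # second name, same inode
        sym)  ln -s "$dir/fake_shell" "$dir/link" ;;  # chmod follows it to the target
        *)    rm -rf "$dir"; return 2 ;;
    esac
    chmod u+s "$dir/link"
    suid_state "$dir/fake_shell"
    rm -rf "$dir"
}

# Mode bits are stored in the inode, so both kinds of link change the original.
echo "hard link: original is $(original_after_chmod_on_link hard)"
echo "symlink:   original is $(original_after_chmod_on_link sym)"
```

In both cases the original file ends up setuid for every user who can reach it by any name, so auditing for setuid interpreters has to look at the file itself and not at the directory a link sits in.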