Re: Script-Permission

From: Michael Cheselka (cheselka@LINUX.CACTUS.ORG)
Date: Tue Apr 13 2004 - 12:10:36 EDT


I know this is an old email but you could code it up as a cgi
program and allow user2 to call it via lynx or a regular
web browser. Do you need to interact with the script or just
run it? You'll want to log everything and also reject any
input that doesn't fit what you expect. They can always phone
for help if they need to do something you hadn't anticipated.
Also, be wary of environmental variables.

You could also possibly execute the program via email utilizing
the .forward mechanism and mail back the results.

On Thu, Feb 26, 2004 at 01:52:02PM +0100, Green, Simon wrote:
> Because of the nature of scripts it is not possible to execute them without
> first reading them.
>
> The only way I know to deal with this would be to run a setuid program -
> whether root, or maybe user1 - that then invoked the script. Setuid to
> user1 might not be an unacceptable risk. Sudo and the like do this for you
> in a nicely controlled and audited manner.
>
> Another option might be to split the script, and put the passwords in
> another file with tighter access controls. That wouldn't work if user2
> actually needs the functionality that uses the passwords.
> --
> Simon Green
> Altria ITSC Europe Ltd
>
> > -----Original Message-----
> > From: Kumar, Praveen (cahoot) [mailto:Praveen.Kumar@CAHOOT.COM]
> > Sent: 26 February 2004 12:16
> > To: aix-l@Princeton.EDU
> > Subject: Re: Script-Permission
> >
> >
> > Hi,
> > Sorry to tell this late... actually the requirement is not to run a
> > script owned by root, but a non-root user, say user1, owns a script,
> > which another non-root user, say user2, wants to execute without
> > having read permission for user2, as user1 stores some passwords in
> > this script.

--
Michael R. M. Cheselka                     ryoohki@ryoohki.org
Itsu Made Mo "Love & Peace"                 ryoohki@spymac.com
http://www.cactus.org/~cheselka            cheselka@cactus.org

