Re: Script-Permission

From: Bob Booth - CITES (booth@UIUC.EDU)
Date: Wed Feb 25 2004 - 15:52:08 EST

• Next message: John Jolet: "Re: Script-Permission"
• Previous message: John Jolet: "Re: Script-Permission"
• In reply to: John Jolet: "Re: Script-Permission"
• Next in thread: John Jolet: "Re: Script-Permission"
• Reply: John Jolet: "Re: Script-Permission"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Here is an example of a setuid C program wrapper:

/*
C program wrapper so that scripts can be run suid root.
!!!USE at your own risk!!!
*/

#include <pwd.h>
#include <sys/resource.h>

main(argc, argv) int argc; char *argv[]; {
   struct passwd *pw = getpwnam("root");
   setpriority(PRIO_PROCESS, 0, -20);
   setuid(pw->pw_uid);
   execv("fullpath and name of your script here", argv);
   }

On Wed, Feb 25, 2004 at 02:35:20PM -0600, John Jolet wrote:
> if they can't read the script, how can the bash shell interpret it? the only
> way to do this is with a setuid wrapper program. aix disallows setuid shell
> scripts, so you'll most likely have to write it in c or something.
>
> On Wednesday 25 February 2004 02:16 pm, you wrote:
> > Hi *,
> > I have a script which has a password stored in it, and i want
> > some of the identified users to be able to execute this script, The user is
> > unable to execute after setting the execute bit on the script, but once i
> > give read permission also to that user, he is able to do execute.
> > pl let me know is there any way where i can allow the other user to execute
> > but still disable him to read the script.
> >
> > TIA
> > Praveen.K
> >
> >
> > *********************
> > Internet communications are not necessarily secure and may be intercepted
> > or changed after they are sent. cahoot does not accept liability for any
> > such changes.
> > If you wish to confirm the origin or content of this communication, please
> > contact the sender using an alternative means of communication.
> >
> > This communication does not create or modify any contract.
> >
> > This email may contain confidential information intended solely for use by
> > the addressee. If you are not the intended recipient of this communication
> > you should destroy it without copying, disclosing or otherwise using its
> > contents.
> >
> > Please notify the sender immediately of the error.
> >
> > cahoot is a division of Abbey National plc.
> > Abbey National plc is registered in England, registered number 2294747.
> > Registered Office: Abbey National House, 2 Triton Square, Regent's Place,
> > London, NW1 3AN.

• Next message: John Jolet: "Re: Script-Permission"
• Previous message: John Jolet: "Re: Script-Permission"
• In reply to: John Jolet: "Re: Script-Permission"
• Next in thread: John Jolet: "Re: Script-Permission"
• Reply: John Jolet: "Re: Script-Permission"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:17:37 EDT