Re: Script-Permission

From: Holger.VanKoll@SWISSCOM.COM
Date: Thu Feb 26 2004 - 02:22:05 EST


One "other option" would be to write a small piece of setuid-root C code that
just reads/echoes the password.

-----Original Message-----
From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU] On Behalf Of John Jolet
Sent: Wednesday, February 25, 2004 10:11 PM
To: aix-l@Princeton.EDU
Subject: Re: Script-Permission

As the comments say... be very careful with this sort of mechanism. Make sure
you've exhausted your other options... have you tried sudo?

On Wednesday 25 February 2004 02:52 pm, you wrote:
> Here is an example of a setuid C program wrapper:
>
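> /*
> C program wrapper so that scripts can be run suid root.
> !!!USE at your own risk!!!
> */
>
> #include <pwd.h>
> #include <stdio.h>
> #include <sys/resource.h>
> #include <unistd.h>
>
> int main(int argc, char *argv[]) {
>     struct passwd *pw = getpwnam("root");
>     (void)argc;
>     if (pw == NULL) {                   /* no root entry: refuse to continue */
>         fprintf(stderr, "getpwnam(root) failed\n");
>         return 1;
>     }
>     setpriority(PRIO_PROCESS, 0, -20);  /* raise scheduling priority */
>     if (setuid(pw->pw_uid) != 0) {      /* do not exec if the UID change failed */
>         perror("setuid");
>         return 1;
>     }
>     /* replace the placeholder with the absolute path of the script */
>     execv("fullpath and name of your script here", argv);
>     perror("execv");                    /* only reached if execv fails */
>     return 1;
> }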
>
> On Wed, Feb 25, 2004 at 02:35:20PM -0600, John Jolet wrote:
> > If they can't read the script, how can the bash shell interpret it? The
> > only way to do this is with a setuid wrapper program. AIX disallows
> > setuid shell scripts, so you'll most likely have to write it in C or
> > something.
> >
> > On Wednesday 25 February 2004 02:16 pm, you wrote:
> > > Hi *,
> > > I have a script which has a password stored in it, and I
> > > want some of the identified users to be able to execute this script.
> > > The user is unable to execute it after setting the execute bit on the
> > > script, but once I give read permission also to that user, he is able
> > > to execute it. Please let me know if there is any way I can allow the
> > > other user to execute the script but still prevent him from reading it.
> > >
> > > TIA
> > > Praveen.K
> > >
> > >
> > > *********************
> > > Internet communications are not necessarily secure and may be
> > > intercepted or changed after they are sent. cahoot does not
accept
> > > liability for any such changes.
> > > If you wish to confirm the origin or content of this
communication,
> > > please contact the sender using an alternative means of
communication.
> > >
> > > This communication does not create or modify any contract.
> > >
> > > This email may contain confidential information intended solely
for use
> > > by the addressee. If you are not the intended recipient of this
> > > communication you should destroy it without copying, disclosing or
> > > otherwise using its contents.
> > >
> > > Please notify the sender immediately of the error.
> > >
> > > cahoot is a division of Abbey National plc.
> > > Abbey National plc is registered in England, registered number
2294747.
> > > Registered Office: Abbey National House, 2 Triton Square, Regent's
> > > Place, London, NW1 3AN.



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:17:38 EDT