Unix script should run with root permissions

Brian Tolstrup
Greenhorn

Joined: Oct 15, 2002
Posts: 17
Hi there

I would like to create a unix-script that will call several other scripts, but with root permission.

The case is that a non-root-account should be able to start this script, and by this get some work done as if they were root.

I have been searching the net trying to find something - one person told me that it was something about a "sign bit" I should add to the script???

Hope that someone can help.

Regards
Brian Tolstrup


Regards, Brian Tolstrup, Developer
Guy Allard
Ranch Hand

Joined: Nov 24, 2000
Posts: 776
You want to look at , check the man page.

Guy
Brian Tolstrup
Greenhorn

Joined: Oct 15, 2002
Posts: 17
Hi Guy

Will this work on a Solaris installation (running on SUN servers)?

regards
Brian Tolstrup
Adam Welch
Greenhorn

Joined: Oct 20, 2004
Posts: 4
With Solaris, and *nix generally, you could try a setuid approach. See man page for "set user ID" or "setuid." Prior poster is correct that sudo is better - see if you can find a port, perhaps from sunfreeware.com.
Brian Tolstrup
Greenhorn

Joined: Oct 15, 2002
Posts: 17
Hi all

I have been reading about SUID and SUDO and have some questions you guys might be able to answer.

Using SUDO I will be able to give some users the privileges to execute commands normally restricted to the root account. In my case the ability to create users. But how do I restrict the user from creating a user with root privileges and then misusing the system as a user with root permissions?

The same question goes for if I use SUID. How do I restrict the user from creating a new user which has root permissions or root privileges?

I hope someone can help me by directing me to some articles or give some answers on how to get past this security risk.

Regards
Brian Tolstrup
Stefan Wagner
Ranch Hand

Joined: Jun 02, 2003
Posts: 1923

I didn't test it, but I guess you have to make the script unwritable for the user who is allowed to execute it as root.
And you have to ensure that none of the commands called inside the script is writable, and so on recursively for scripts or binaries which call scripts or binaries.


http://home.arcor.de/hirnstrom/bewerbung
Ernest Friedman-Hill
author and iconoclast
Marshal

Joined: Jul 08, 2003
Posts: 24184
    

More importantly, though: if you allow a general user to run a program that creates new accounts, runs as root, and can create accounts with root privileges, then you've given that user the keys to the system.

One thing you might do is to write a simple shell script or wrapper program which in turn runs /usr/sbin/useradd (or whatever is appropriate on your system) and passes along all the options except the -u switch (or whatever switch specifies the UID on your system.) This would prevent the user from creating an account that mimics root's (or anyone else's) UID. They could only create a user with a new, automatically allocated UID.

This is tricky stuff, so be careful.


[Jess in Action][AskingGoodQuestions]
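The wrapper idea from the post above, as an added example that is not part of the original thread. It goes beyond dropping `-u`: it refuses every option outside a short allowlist, so `-o`, `-g`/`-G`, `--uid=` and bundled short options are rejected as well. The allowlist (`-c`, `-d`, `-s`, `-m`), the login-name pattern and the function names are assumptions; the script is meant to be the only command granted through sudo.

```shell
#!/bin/sh
# Added example: restricted front end for useradd, to be run via sudo.
# Fixed PATH, locale and binary path: nothing here is taken from the caller's environment.
PATH=/usr/sbin:/usr/bin:/bin; export PATH
LC_ALL=C; export LC_ALL
USERADD=/usr/sbin/useradd   # adjust to your system, as the post says

# check_useradd_args: return 0 only if every argument is on the allowlist.
check_useradd_args() {
    login=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -c|-d|-s)   # comment, home directory, shell: each takes one value
                [ $# -ge 2 ] || { echo "missing value for $1" >&2; return 1; }
                shift 2 ;;
            -m)         # create the home directory
                shift ;;
            -*)         # -u, -o, -g, -G, --uid=..., bundled forms like -ou0
                echo "option not permitted: $1" >&2; return 1 ;;
            *)
                [ -z "$login" ] || { echo "only one login name allowed" >&2; return 1; }
                login=$1; shift ;;
        esac
    done
    # Assumed login-name policy: lower-case letters, digits, '_' and '-',
    # starting with a letter or '_'.
    case "$login" in
        ""|*[!a-z0-9_-]*|[!a-z_]*) echo "bad or missing login name" >&2; return 1 ;;
    esac
    return 0
}

# safe_useradd: validate, then hand the unchanged arguments to useradd.
safe_useradd() {
    check_useradd_args "$@" || return 1
    "$USERADD" "$@"   # no UID option can reach here, so useradd allocates the UID
}

# Only act when called with arguments, e.g.: sudo /usr/local/sbin/adduser-safe -m alice
if [ $# -gt 0 ]; then
    safe_useradd "$@"
fi
```

The file itself has to be owned by root and not writable by the users allowed to run it, as noted earlier in the thread.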
 