suid root - bash script
Yedidyah Bar-David
linux-il at didi.bardavid.org
Thu Apr 23 13:51:11 IDT 2009
On Thu, Apr 23, 2009 at 01:22:43PM +0300, Noam Rathaus wrote:
> Hi Yedidyah,
> > I guess there are other ways to do this, but that's how it is in unix.
> > As far as I know, Windows does not have something similar at all - if
> > you want there to run some program as another user, you have to do much
> > more than setuid it.
>
>
> Windows has the Run As service which does something similar, its a bit
> more.. complex, but it allows you to do what you mentioned. I am
> skipping on Windows' ability to run Service as other users :)
What's the difference (in use, not in implementation) between Run As and
'su'? Does it allow (by some configuration) running some program as
another user without providing its password? But this is getting
off-topic...
> My scenario is this:
> 1) Apache runs a perl (which needs to be setuid => it changes IP addresses, etc)
> 2) This perl needs to call another perl responsible for updating the
> sytem => and managing that it works correctly
> 3) This perl runs several other Perl scripts that are also setuid as
> they replace files
>
> When apache tries to execute the perl's line which says:
> system("/usr/local/bin/update.pl")
>
> I get the setuid warning that I need to put a wrapper
>
> I then did:
> system("/usr/local/bin/update")
>
> Where update
>
> Just executes update.pl
>
> Both update (written in C) and update.pl (written in perl) are setuid root.
>
> I still get the warning
But does it or does it not run as root? Perhaps it emits this warning
anyway when the script is setuid. I did not check. If it does not: What
happens when you simply run it yourself from the command line? Does it
work?
You can still try sudo anyway. Read 'man sudoers' and look at the
EXAMPLES section.
--
Didi
More information about the Linux-il
mailing list