
Re: Sticky permissions on files...




On Thursday, Jan 27, 2005, at 23:59 US/Central, Ken Keefe wrote:
> So, I have written a script that when run swaps two config files and
> restarts a service. Now, I'd like any user on my system to have the
> ability to use it.

You definitely don't want your script to be suid.  It wouldn't take 
much for any user to modify your script and open a shell as root.  
Instead, use sudo for that script.  For example, in the /etc/sudoers 
file:

   foo    ALL = NOPASSWD: /usr/local/bin/myscript

The above entry would allow user foo to run program 
/usr/local/bin/myscript as root without having to type a password.  A 
more restrictive entry like so may be appropriate:

   foo    bar = (alt_user) /usr/local/bin/myscript

The above entry would allow foo to run /usr/local/bin/myscript as user 
alt_user only on machine bar and after typing in his/her own password.  
The above lines are from memory and have not been tested.  So, man sudo 
and man sudoers for more info.

In any case, please experiment, and let us know how things go.

Regards,
- Robert
http://www.cwelug.org/downloads
Help others get OpenSource.  Distribute FLOSS for
Windows, Linux, *BSD, and MacOS X with BitTorrent


-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.
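
Added example, not part of the original message: a sudoers entry like the ones above is only as safe as the file it names, so this shell function audits the target script and every directory above it for owners or write bits that would let a non-root user replace what sudo runs. The function name check_sudo_target and its OWNER_UID and TOP_DIR arguments are hypothetical, chosen for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Audits a command that a
# sudoers entry such as "foo ALL = NOPASSWD: /usr/local/bin/myscript" runs.
# If the file, or any directory above it, can be modified by someone other
# than the trusted owner, that person can replace what sudo will execute.
#
# usage: check_sudo_target PATH [OWNER_UID] [TOP_DIR]
#   OWNER_UID  uid that must own every component (assumed default: 0, root)
#   TOP_DIR    directory where the upward walk stops (assumed default: /)
# returns 0 = clean, 1 = at least one finding, 2 = bad argument
check_sudo_target() {
    target=$1
    owner=${2:-0}
    top=${3:-/}
    case $target in
        /*) ;;
        *) echo "sudoers commands must be absolute paths: $target" >&2
           return 2 ;;
    esac
    if [ ! -f "$target" ]; then
        echo "not a regular file: $target" >&2
        return 2
    fi
    rc=0
    p=$target
    while :; do
        # -prune keeps find on this one path. It is printed only when it is
        # a symlink, has a different owner, or is group- or world-writable.
        bad=$(find "$p" -prune \( -type l -o ! -user "$owner" \
                  -o -perm -020 -o -perm -002 \) -print)
        if [ -n "$bad" ]; then
            echo "FINDING: $(ls -ld "$p")"
            rc=1
        fi
        if [ "$p" = "$top" ] || [ "$p" = / ]; then
            break
        fi
        p=$(dirname "$p")
    done
    return $rc
}
```

Source the file and run `check_sudo_target /usr/local/bin/myscript` before adding the sudoers line; each FINDING line shows the owner and mode that need fixing.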