setuid shell scripts
dave at murphy.UUCP
Wed Nov 26 04:30:56 AEST 1986
It works on BSD4.2 and 4.3 systems. I'm pretty sure it does not work on
V7 and SysIII; I can't say for SysV or any other variations. But, for BSD
systems, you can put the setuid bit on a shell script and it will work as
you expect -- provided that you remember to put an interpreter-specifier
line at the beginning of the script, such as:
    #!/bin/csh
or
    #!/bin/sh
to specify which shell to run to execute the script.

Use of this feature poses a number of security problems, since shell scripts
aren't usually written with security in mind. You'll have to evaluate the
risks and benefits for your installation; keep in mind, though, that even if
all of your users are trusted, it's awfully easy to wipe out an entire system
with a faulty shell script running under root, so test your scripts carefully
before installing them with the setuid bit turned on. At the least, you
should reset $PATH at the beginning of the script so that it contains only
trusted directories (and definitely *not* "."!).
---
It's been said by many a wise philosopher that when you die and your soul
goes to its final resting place, it has to make a connection in Atlanta.
Dave Cornutt, Gould Computer Systems, Ft. Lauderdale, FL
UUCP: ...{sun,pur-ee,brl-bmd}!gould!dcornutt
or ...!ucf-cs!novavax!houligan!dcornutt
ARPA: wait a minute, I've almost got it...
"The opinions expressed herein are not necessarily those of my employer,
not necessarily mine, and probably not necessary."
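
An added example, not part of the original post: one way to check a /bin/sh script for the two precautions the message describes, an interpreter line and a PATH reset as the first command that lists only absolute directories. The function names and sample scripts are constructed for illustration, and csh syntax is not handled.

```shell
#!/bin/sh
# Added example: audit a /bin/sh script for the two points raised in the post.
# Function names and the sample scripts are hypothetical, constructed here.

# Succeed only if every component of a PATH value is an absolute directory.
# An empty component means "current directory", just like ".".
path_is_trusted() {
    case "$1" in
        ""|:*|*:|*::*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=:; set -f
    for dir in $1; do
        case "$dir" in
            /*) ;;
            *) IFS=$old_ifs; set +f; return 1 ;;
        esac
    done
    IFS=$old_ifs; set +f
}

# Print a verdict for FILE: no-interpreter, no-path-reset, untrusted-path or ok.
audit_script() {
    case "$(sed -n '1p' "$1")" in
        '#!/'*) ;;
        *) echo no-interpreter; return 1 ;;
    esac
    # First command that runs: skip line 1, comments and blank lines.
    cmd=$(sed -e '1d' -e '/^[[:space:]]*#/d' -e '/^[[:space:]]*$/d' \
              -e 's/^[[:space:]]*//' "$1" | sed -n '1p')
    case "$cmd" in
        PATH=*) ;;
        *) echo no-path-reset; return 1 ;;
    esac
    value=${cmd#PATH=}
    value=${value%%;*}                       # drop "; export PATH"
    value=${value#\"}; value=${value%\"}     # drop surrounding double quotes
    if path_is_trusted "$value"; then echo ok; else echo untrusted-path; return 1; fi
}

# Constructed samples: one hardened script, one that trusts the caller's PATH.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '#!/bin/sh' '# reset first' 'PATH=/bin:/usr/bin; export PATH' 'date' > "$tmp/good"
    printf '%s\n' '#!/bin/sh' 'PATH=.:$PATH; export PATH' 'date' > "$tmp/bad"
    for f in good bad; do echo "$f: $(audit_script "$tmp/$f")"; done
    rm -rf "$tmp"
}
demo
```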