This is generally considered highly insecure. The usual caveat about running userland apps as root.

In fact, the generally accepted practice amongst most Linux admins is:

ALWAYS issue administrative commands using sudo.
NEVER log in remotely as root.
ONLY log in as root w/ physical access, and ONLY if something is wrong with your sudo config.

If you use these policies the root password will never be issued except on a physically secure serial line or other local bus connection, and you will never have to run even so much as a shell as root. This is good for a variety of reasons that it is not really necessary to expound here. Basically just remember, setuid root == VERY INSECURE. Setuid anything else is really only used to give daemons access to the vfs resources they need and nothing else.

Sudo is specifically designed as an answer to specifically the type of problem you are encountering here. Sudo is your friend. Sudo should ship with SLES AND RHEL. I don't recommend this on enterprise servers but some Linux distros even disable the root user by default (this is done with the lock option of the passwd command, i.e. passwd -l root. That command WILL break your system if not executed by a properly configured sudo command, 100% of the time.)

Sudo is better than being root. Always. Sudo is better than setuid for almost everything as well.

USE SUDO!!!!!!!

Erik Johnson

On Tue, Mar 31, 2009 at 10:48 AM, Jack Woehr <[email protected]> wrote:
> CHAPLIN, JAMES (CTR) wrote:
>>
>> -r--rwsr--+ 1 user group 500 Jan 21 16:23 stopServer.sh
>> The setuid is set on group level.
>>
>
> It has to be setuid to root because only root can send signal
> to other user's processes. So it has to be owned by root and
> should be something like -r-sr-x---
>
> Oh, minor terminological pedanticism: when the set is on the group we call
> it setgid to differentiate from setuid.
>
> --
> Jack J. Woehr            # I run for public office from time to time. It's like
> http://www.well.com/~jax # working out at the gym, you sweat a lot, don't get
> http://www.softwoehr.com # anywhere, and you fall asleep easily afterwards.
>
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
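An added example, not part of the thread: a POSIX shell helper that decodes the mode column of `ls -l` for the two modes discussed above (`-r--rwsr--+` and `-r-sr-x---`), gives the octal value, and labels each entry setuid or setgid, which is the distinction Jack points out. The function names and the second and third listing lines are constructed for illustration.

```shell
# Print "setuid", "setgid", "setuid,setgid" or "none" for a mode string.
mode_special() {
    m=$1 out=
    # Character 4 is the owner execute slot: s or S there means setuid.
    case $(printf '%s' "$m" | cut -c4) in s|S) out=setuid ;; esac
    # Character 7 is the group execute slot: s or S there means setgid.
    case $(printf '%s' "$m" | cut -c7) in s|S) out=${out:+$out,}setgid ;; esac
    printf '%s\n' "${out:-none}"
}

# Print the four-digit octal form of a mode string (ACL marker "+" ignored).
mode_octal() {
    m=$1 special=0 digits=
    for start in 2 5 8; do
        trio=$(printf '%s' "$m" | cut -c"$start"-$((start + 2)))
        d=0
        case $trio in r??) d=$((d + 4)) ;; esac
        case $trio in ?w?) d=$((d + 2)) ;; esac
        case $trio in ??[xst]) d=$((d + 1)) ;; esac   # lowercase: execute is set too
        case $start:$trio in
            2:??[sS]) special=$((special + 4)) ;;
            5:??[sS]) special=$((special + 2)) ;;
            8:??[tT]) special=$((special + 1)) ;;
        esac
        digits=$digits$d
    done
    printf '%s%s\n' "$special" "$digits"
}

# Read `ls -l` lines on stdin; print one report line per setuid/setgid entry.
audit_listing() {
    while read -r mode _links owner group _size _mon _day _time name; do
        kind=$(mode_special "$mode")
        [ "$kind" = none ] && continue
        printf '%s %s %s owner=%s group=%s\n' \
            "$name" "$(mode_octal "$mode")" "$kind" "$owner" "$group"
    done
}

# Line 1 is the listing quoted in the thread; lines 2 and 3 are constructed.
sample_listing() {
    cat <<'EOF'
-r--rwsr--+ 1 user group 500 Jan 21 16:23 stopServer.sh
-r-sr-x---  1 root group 500 Jan 21 16:23 stopServer-root.sh
-rwxr-xr-x  1 user group 812 Jan 21 16:23 startServer.sh
EOF
}

sample_listing | audit_listing
```

On Linux the kernel ignores the setuid and setgid bits on interpreted scripts, so for a file like stopServer.sh a sudo rule is what actually grants the privilege.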
