On Tue, Jan 07, 2003 at 05:36:45PM +0100, cana rich wrote:
>
> Hello,
> I am using Linux RedHat 7.2.
> I have a shell script (it belongs to root). I would like it to be
> executable by every user, but I don't want it to be readable by
> other users.
> Is it possible?
> Thanks for your help
> Canarich

Hi,

Linux ignores setuid to root on scripts, so you can't wrap your script
with another one that is setuid to root, which is the first obvious
solution assuming you need your script to run with root privileges.

Here is one solution: an executable wrapper.

######################### BEGIN FILE ########################
/*
*/
#include <sys/errno.h>
#include <sys/stat.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>

extern char **environ;

int main ()
{
    int stat;
    char * nuttin = 0;

    /* execl() takes the path, then argv[0], then a null pointer
       that ends the argument list */
    stat = execl("/usr/local/bin/myscript", "/usr/local/bin/myscript", nuttin );

    /* execl() returns only if it failed */
    perror("execl");
    return stat;
}
############################# END ###########################

Save this text to a file named "anything.c".
In the text file change the string /usr/local/myscript to the name of
your script.
Make sure your script has #!<path to the shell you want> as the first
line of the script.
Compile it with "cc -o anything anything.c".
Setuid the resulting executable to suid root (man chown and chmod).
Change the ownership of the script to be owned by root.
(chown 0 <SCRIPT>)
Set the protection of the script to 700 (chmod 700 <SCRIPT>).
Run the executable file named "anything" (whatever you named the file).

It should execute the script as root and no one else can read the
script.

There are always security issues. Be wary. Consider masking the strings
in the above program so that they are not actually rendered into strings
until the program runs. Also consider nulling out environ except for
those environment settings that are absolutely essential.

By the way - please wrap your email text to 72 chars wide.
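
The reply's closing advice about environ, as an added example that is
not part of the original post: a variant of the wrapper that hands the
script a fixed PATH plus an allow-listed environment. The allow-list,
MAX_ENV and the PATH value are assumptions chosen for illustration.

```c
/* Added example: setuid wrapper that passes only an allow-listed
 * environment. SCRIPT is the path from the post; the rest is assumed. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define SCRIPT  "/usr/local/bin/myscript"
#define MAX_ENV 8

/* Variables copied from the caller. Everything else (IFS, LD_*, ENV,
 * BASH_ENV, ...) is dropped. PATH is never copied; it is a constant. */
static const char *const allowed[] = { "TERM", "LANG", NULL };
static char safe_path[] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";

/* Fill out[] (capacity cap, counting the NULL terminator) with safe_path
 * plus the allow-listed entries of src. Returns the number of entries. */
size_t build_clean_env(char **src, char **out, size_t cap)
{
    size_t n = 0;
    if (cap == 0)
        return 0;
    if (cap > 1)
        out[n++] = safe_path;
    for (char **e = src; e && *e && n + 1 < cap; e++) {
        for (const char *const *a = allowed; *a; a++) {
            size_t len = strlen(*a);
            /* match "NAME=" exactly, so TERMCAP does not match TERM */
            if (strncmp(*e, *a, len) == 0 && (*e)[len] == '=') {
                out[n++] = *e;
                break;
            }
        }
    }
    out[n] = NULL;
    return n;
}

extern char **environ;

int main(void)
{
    char *env[MAX_ENV];
    char *argv[] = { SCRIPT, NULL };

    build_clean_env(environ, env, MAX_ENV);
    /* Make the real uid match the effective uid: bash without -p gives
     * up the setuid privilege when the two differ. */
    if (setuid(geteuid()) != 0) { perror("setuid"); return 1; }
    execve(SCRIPT, argv, env);
    perror("execve " SCRIPT);   /* reached only if execve failed */
    return 127;
}
```

The script itself still runs as root, so anything it reads from its
arguments, stdin or the remaining variables needs the same care.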