set-uid bit: where am I going wrong?
I'm trying to use a script I wrote to copy files from one directory to another (as part of my backup regime). Unfortunately, because they are in my webserver directory, some of the files don't belong to the user that I run the script as (via cron). I can run the script with sudo, so I know that it's a permission problem. My initial thought is that I can use the set-uid bit and chown the script to root, but this still balks. Here is the relevant output of ls -l. -rwsr-xr-x 1 root admin 283 Nov 23 15:58 buprep.yuri Clearly the file is owned by root, and I kept it as part of my group. I've read the man pages, and believe that when I call the script, it will assume root's permissions. It doesn't, so where am I going wrong? Thanks, Tim -- [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: set-uid bit: where am I going wrong?
On Apr 11, 2005 2:51 PM, Tim Stephens [EMAIL PROTECTED] wrote: Clearly the file is owned by root, and I kept it as part of my group. I've read the man pages, and believe that when I call the script, it will assume root's permissions. It doesn't, so where am I going wrong? FreeBSD does not support setuid scripts. They are inherently insecure. You have some options though to your problem. You could run the script directly as root, which is what you are trying to do. Or you could write a wrapper round your script, which may seem like overkill. Given that you trust your script enough to try to run it setuid, I would go for the first option. Make sure the script cannot be altered by anyone other than root, then run it as root. Thanks, Tim Frem. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: set-uid bit: where am I going wrong?
Tim Stephens [EMAIL PROTECTED] writes: I'm trying to use a script I wrote to copy files from one directory to another (as part of my backup regime). Unfortunately, because they are in my webserver directory, some of the files don't belong to the user that I run the script as (via cron). I can run the script with sudo, so I know that it's a permission problem. My initial thought is that I can use the set-uid bit and chown the script to root, but this still balks. Here is the relevant output of ls -l. -rwsr-xr-x 1 root admin 283 Nov 23 15:58 buprep.yuri Clearly the file is owned by root, and I kept it as part of my group. I've read the man pages, and believe that when I call the script, it will assume root's permissions. It doesn't, so where am I going wrong? The kernel ignores the setuid bit on interpreted files, for security reasons. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
