Smart questions
Smart answers
Smart people
Join Tek-Tips Forums
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login




Remember Me
Forgot Password?
Join Us!

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips now!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

Join Tek-Tips
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.
Jobs from Indeed

Link To This Forum!

Partner Button
Add Stickiness To Your Site By Linking To This Professionally Managed Technical Forum.
Just copy and paste the
code below into your site.

billy1 (TechnicalUser) (OP)
24 Apr 03 5:09
I have a script owned by root which does various things including running 'rmuser -p' and 'su - <another user>'. I can run this script as root and it works fine. I thought that to be able to let others run it I could set the permissions using an ACL file and specifying the userid's I need to be able to run it. The permissions on the file are as follows:
 -r-s--x--x   1 root     system    rmuser_pms.sh

But on testing it out running it as one of the ACL userid's, rmuser won't execute and when running su it prompts for a password.

Any ideas on how to get this working or is it even possible ?


alexhu (MIS)
24 Apr 03 5:17
It would probably benefit you to install 'sudo'. This is highly configurable and allows users to run scripts 'as root'. You can define who is allowed to run what.

http://www.courtesan.com/sudo/


Alex
dsn1 (TechnicalUser)
24 Apr 03 7:42
you cannot make a script suided. To deal with this , you need to have an executable which is suided to call the script. You could write a fairly simple C program which calls this script and put the s bit on the compiled program

Dave
billy1 (TechnicalUser) (OP)
24 Apr 03 8:13
Dave, I think you are correct. I remember seeing that before. By writing a C program, compiling it and then attaching the ACL rights to this script which calls my shell script it will run. I'll have to look up the old C books. Thanks !
billy1 (TechnicalUser) (OP)
24 Apr 03 10:37
Ok, I've written a c program which has compiled and it runs the script successfully. 'rmuser' within the script runs grand but the 'su - <other userid>' doesn't. It's still prompting for a password. Any ideas ?
AIXSPadmin (MIS)
24 Apr 03 10:46
#include<stdio.h>
#include<stdlib.h>
#include<string.h>

main() {
       char user_name[20];
       char cmd[40];
       setuid(0);
       setgid(0);

       printf("Enter user to su or remove: ");
       gets(user_name);
       sprintf(cmd,"/usr/bin/rmuser %s", user_name);
       system(cmd);
}


Your compile may balk that gets is unsafe, but this is a quick and dirty c program to do what you want. It could be further enhanced to check the user to see if they are allowed to execute it and could/should include error checking.
billy1 (TechnicalUser) (OP)
24 Apr 03 12:29
I just added setuid(0) to my existing script and that did the trick. Many thanks to all !
crowe (TechnicalUser)
24 Apr 03 21:48
I would agree with alexhu, sudo is an easy and highly configurable solution to this problem.

crowe

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Back To Forum

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close