Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

A root script that others can run

Status
Not open for further replies.
billy1

billy1

Technical User
Joined
Sep 16, 2002
Messages
73
Location
IE
I have a script owned by root which does various things including running 'rmuser -p' and 'su - <another user>'. I can run this script as root and it works fine. I thought that to be able to let others run it I could set the permissions using an ACL file and specifying the userid's I need to be able to run it. The permissions on the file are as follows:
-r-s--x--x 1 root system rmuser_pms.sh

But on testing it out running it as one of the ACL userid's, rmuser won't execute and when running su it prompts for a password.

Any ideas on how to get this working or is it even possible ?


 
Sort by date Sort by votes
It would probably benefit you to install 'sudo'. This is highly configurable and allows users to run scripts 'as root'. You can define who is allowed to run what.



Alex
 
Upvote 0 Downvote
you cannot make a script suided. To deal with this , you need to have an executable which is suided to call the script. You could write a fairly simple C program which calls this script and put the s bit on the compiled program

Dave
 
Upvote 0 Downvote
Dave, I think you are correct. I remember seeing that before. By writing a C program, compiling it and then attaching the ACL rights to this script which calls my shell script it will run. I'll have to look up the old C books. Thanks !
 
Upvote 0 Downvote
Ok, I've written a c program which has compiled and it runs the script successfully. 'rmuser' within the script runs grand but the 'su - <other userid>' doesn't. It's still prompting for a password. Any ideas ?
 
Upvote 0 Downvote
#include<stdio.h>
#include<stdlib.h>
#include<string.h>

main() {
char user_name[20];
char cmd[40];
setuid(0);
setgid(0);

printf(&quot;Enter user to su or remove: &quot;);
gets(user_name);
sprintf(cmd,&quot;/usr/bin/rmuser %s&quot;, user_name);
system(cmd);
}


Your compile may balk that gets is unsafe, but this is a quick and dirty c program to do what you want. It could be further enhanced to check the user to see if they are allowed to execute it and could/should include error checking.
 
Upvote 0 Downvote
I just added setuid(0) to my existing script and that did the trick. Many thanks to all !
 
Upvote 0 Downvote
I would agree with alexhu, sudo is an easy and highly configurable solution to this problem.

crowe
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

E
  • Locked
  • Question Question
AIX Power5 on 5.3- On varyonvg error "cannot be varied on because no good copies of the descriptor area"
Replies
1
Views
845
JenLM
J
E
  • Locked
  • Question Question
What are reservations and how do you set them?
Replies
0
Views
752
emze
E
A
  • Locked
  • Question Question
Adding Existing LUN to New LPAR AIX
Replies
0
Views
811
Alvinghost
A
jkc2023
  • Locked
  • Question Question
AIX TL and SP upgrade
Replies
0
Views
956
jkc2023
jkc2023
mar3i
  • Locked
  • Question Question
Cannot inrease var filesystem
Replies
2
Views
653
pa2nc
pa2nc

Part and Inventory Search

Sponsor

Back
Top