Find the answer to your Linux question:
Results 1 to 6 of 6
As you can probably surmise from my forum name, I have been involuntarily thrust into the role of sysadmin for my company, at least temporarily. I know just enough to ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Mar 2004
    Posts
    3

    Cron script won't run


    As you can probably surmise from my forum name, I have been involuntarily thrust into the role of sysadmin for my company, at least temporarily. I know just enough to get started, but not enough to get the results I need. (for reference, we are running Debian)

    I have a cron routine, (a perl script), that periodically adds new user entries from a database to our system's general user files (/etc/passwd, /etc/shadow). Problem is that our previous admin had the script running under his username, and when we disabled his access, the script stopped having the authority to add the users. I assume he had modified his user profile to have the system consider his account to have root privileges while it is running.

    Now that his account is gone, I have created a new user profile for the process, and inserted the name/password combination into the script. The script still cannot run properly. I believe I need to somehow set this new user's attributes to allow it root privileges for this script, but I do not know the specifics of doing so.

    If anyone can help, it would be appreciaated.

    Thanks,

    Bob

  2. #2
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    You cannot make an account other than the root account have root privileges (having root privileges is defined as having UID 0, which of course only root has), so that's probably not what he had done. Instead, he might have chown'ed /etc/passwd to his account, for example. Check the ownership of /etc/passwd (ls -l /etc/passwd) to see if that might be what he had done.

    As an alternative, couldn't you just make the script run as root?

  3. #3
    Just Joined!
    Join Date
    Mar 2004
    Posts
    3
    Actually, the owner of the /etc/passwd file is listed as root. I have tested the script, using the root access from within it, and it works OK.

    I don't know about the security implications of having the root credentials/access in the script, so I'm not quite ready to keep that in place. Thanks for the input. I'm reasonably sure he was able to give his user the ability to add users to the system - I just don't yet know how.

    Bob

  4. $spacer_open
    $spacer_close
  5. #4
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Well, the only way to do that would be to somehow make /etc/passwd writable by his user. Are you by any chance using POSIC ACLs on this system? What is the group ownership and actual permissions of /etc/passwd?

  6. #5
    Just Joined!
    Join Date
    Mar 2004
    Posts
    3
    Upon issuing the command

    ls -l /etc/passwd

    I get

    -rw-r--r-- 1 root root 108989 Mar 3 18:30 /etc/passwd

    This seems to indicate that the owner is root, the group is root, and permissions are read-only for anyone but root.

    How do I determine the presence/use of the POSIX routines/functions? I still find no indication that he used any other than his credentials for the routines. Somehow he was able to grant that user root permissions, either just for that routine, or on a permanent basis.

    I'm stumped. Thanks for your help.

    Bob

  7. #6
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    The thing is that there are probably hundreds of ways to do it. If you want to find out how he did it, you should probably ask him.

    If you just want to get it working, I'd say that one of the best ways would be to chown /etc/passwd to root:adm, chmod it to 664 and add yourself to the adm group. Another way is to use POSIX ACLs, but if they're not already installed, you'll probably have to patch the kernel to get it working. A third way is to create a SUID root binary to do that small part of the work.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •