- 08-27-2009 #1
- Join Date
- Aug 2009
SUID permission on Bash script
I'm trying to set up a reaaallly basic script to allow one user to shut down my machine without root permissions, setting up SUID as follows:
-rwsrwxr-- 1 root wheel 38 Aug 27 23:12 apagar.sh
content of script:
shutdown -p now
As far as I know, using SUID, the script must run with root permissions... so I shouldn't get "Permission denied". What am I doing wrong??
- 08-28-2009 #2
Very few systems allow SUID scripts. Linux doesn't.
- 08-28-2009 #3
- Join Date
- Aug 2009
- 08-29-2009 #4
- 09-01-2009 #5
Back in the day, the way around the restriction on SUID scripts was to use Perl - it provides a SUID mode. If the host system disables SUID on scripts, then when you run a SUID Perl script, if Perl is configured for SUID support, it will detect that the script being run has SUID bit set, and it will run its own SUID copy of the Perl interpreter to escalate privileges as required. I couldn't tell you whether it's safe, personally. If you care about security you need to be careful of anything SUID.
Now, a question: have you considered using "sudo"? I think that's what people typically use for jobs like this...
- 09-01-2009 #6
Setting up sudo is easy, with many web references available. Else, just search the forum.
Good luck!
Respectfully... Sarlac II
The moving clock K' appears to K to run slow by the factor (1-v^2/c^2)^(1/2).
This is the phenomenon of time dilation.
The faster you run, the younger you look, to everyone but yourself.
- 09-09-2009 #7
"I am not an alcoholic, alcoholics go to meetings"
Registered Linux user = #372327
- 09-09-2009 #8
Basically SUID programs' behavior can often be influenced by outside factors, such as the value of certain environment variables. A classic one for a SUID binary is to set the value of LD_PRELOAD or LD_LIBRARY_PATH to load in a piece of your own code when you run the program. Shell scripts tend to run a lot of programs from the path, so in addition to the dynamic linker environment variables, a SUID shell script would also be highly vulnerable to changes to the PATH variable.
(For instance: if your shell script includes the command "rm /var/log/x" and the user alters $PATH to include, at its head, a directory containing a copy of the BASH shell renamed to "rm" - then when the script is run, the user will get a root shell.)
This vulnerability, above and beyond what may be exploited in a SUID binary, is the basic reason why SUID shell scripts are normally considered fundamentally insecure. (Though it seems the LD_LIBRARY_PATH and LD_PRELOAD ones would be just as bad, honestly...)
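An added example, not part of any post in this thread: because Linux ignores the set-id bit on interpreter scripts, and such scripts are considered insecure where the bit is honoured, a simple audit is to list files that carry the bit and begin with `#!`. The function names and the sample files built by `make_sample` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report setuid/setgid files that are
# interpreter scripts, i.e. files where the bit is either ignored or risky.

# Print "<path><TAB><shebang line>" for every set-id regular file under the
# given directories whose first two bytes are "#!".
find_suid_scripts() {
    find "$@" -type f \( -perm -4000 -o -perm -2000 \) -exec sh -c '
        for f do
            magic=$(head -c 2 "$f" 2>/dev/null | tr -d "\000")
            if [ "$magic" = "#!" ]; then
                printf "%s\t%s\n" "$f" "$(head -n 1 "$f")"
            fi
        done' sh {} + 2>/dev/null
}

# Build constructed sample files in DIR: a set-id script (should be reported),
# a set-id non-script, and an ordinary script without the bit.
make_sample() {
    printf '#!/bin/sh\nshutdown -p now\n' > "$1/apagar.sh"
    printf '\177ELF constructed, not a real binary\n' > "$1/tool"
    printf '#!/bin/sh\necho ok\n' > "$1/plain.sh"
    chmod 4755 "$1/apagar.sh" "$1/tool"
    chmod 0755 "$1/plain.sh"
}

# Usage: sh audit.sh /usr/local/bin /opt ...   (audit.sh is a placeholder name)
if [ "$#" -gt 0 ]; then
    find_suid_scripts "$@"
fi
```

Anything this reports is a candidate for removing the bit and moving the task to a sudo rule, as suggested earlier in the thread.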
- 09-10-2009 #9
The adventure of a life time.
Linux User #296285
- 09-19-2010 #10
- Join Date
- Sep 2010
An old problem~aaaah. It is simple, because bash does not allow being used as a SET-UID program. So what you should do is install zsh and change the symbolic link: link /bin/sh to /bin/zsh.
Password: (enter root password)
# cd /bin
# rm sh
# ln -s zsh sh
Then you can use your script.