Find the answer to your Linux question:
Results 1 to 4 of 4
Hi I have some requirement to run a script as root by some other user (which is not root). The script adds a new user using / usr / sbin ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Apr 2012
    Posts
    6

    Script as Root


    Hi

    I have some requirement to run a script as root by some other user (which is not root).
    The script adds a new user using / usr / sbin / useradd. I have used SETUID on the script but it still does not work. Following is my script:

    -rwsr-xr-x 1 root root 14 Feb 14 05:34 createuser.sh

    cat createuser.sh
    useradd ztest


    When I run this from some other user I get following:

    . / createuser.sh
    Permission denied

    Can you please help me doing this? I am no expert in Linux and may be asking something stupid.

    Just a note that I understand the security risk but I still want to do for reasons.

    Zulqarnain

  2. #2
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,441
    By default, suid has no effect on scripts.
    Explanation is here Unix - Frequently Asked Questions (4/7) [Frequent posting]Section - How can I get setuid shell scripts to work?

    In your case, you could give this other user access to useradd via sudo.
    However, then you can as well give him/her root.
    It would be just one line for him/her to add a user with uid 0 and a password.

    Maybe puppet or chef can be used in your case.
    Your user can develop manifests/recipes, but they will be peer-reviewed, revision controlled via git or svn and executed by the appropiate puppet/chef client.
    You must always face the curtain with a bow.

  3. #3
    Linux Enthusiast
    Join Date
    Jan 2005
    Location
    Saint Paul, MN
    Posts
    675
    Scripts can not use the "SUID" bit as they can not call the unix standard setuid function (see man 2 setuid) and as such can not be ever run as setuid program (yes this is my design as running shell scripts with setuid isn't very safe). However, you can allow a specific command (including scripts) to be run my a user via sudo with proper configuration.

  4. $spacer_open
    $spacer_close
  5. #4
    Just Joined! msohail's Avatar
    Join Date
    Nov 2011
    Posts
    47
    Quote Originally Posted by zulqarnainhabib View Post
    Hi

    I have some requirement to run a script as root by some other user (which is not root).
    The script adds a new user using / usr / sbin / useradd. I have used SETUID on the script but it still does not work. Following is my script:

    -rwsr-xr-x 1 root root 14 Feb 14 05:34 createuser.sh

    cat createuser.sh
    useradd ztest


    When I run this from some other user I get following:

    . / createuser.sh
    Permission denied

    Can you please help me doing this? I am no expert in Linux and may be asking something stupid.

    Just a note that I understand the security risk but I still want to do for reasons.

    Zulqarnain

    If you have root access then edit /etc/sudoers file and add this in the last line

    Code:
    username ALL=/usr/sbin/useradd,/usr/bin/passwd
    save and force exit.

    Edit your script as

    Code:
    read -p "Enter Username: " user
    sudo /usr/sbin/useradd $user
    sudo /usr/bin/passwd $user
    Jazak Allah
    Sohail

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •