- 02-14-2013 #1
- Join Date
- Apr 2012
Script as Root
I have some requirement to run a script as root by some other user (which is not root).
The script adds a new user using /usr/sbin/useradd. I have used SETUID on the script but it still does not work. Following is my script:
-rwsr-xr-x 1 root root 14 Feb 14 05:34 createuser.sh
When I run this from some other user I get the following:
./createuser.sh
Can you please help me do this? I am no expert in Linux and may be asking something stupid.
Just a note that I understand the security risk but I still want to do this for reasons.
- 02-14-2013 #2
By default, suid has no effect on scripts.
The explanation is here: Unix - Frequently Asked Questions (4/7) [Frequent posting], Section - How can I get setuid shell scripts to work?
In your case, you could give this other user access to useradd via sudo.
However, then you can as well give him/her root.
It would be just one line for him/her to add a user with uid 0 and a password.
Maybe puppet or chef can be used in your case.
Your user can develop manifests/recipes, but they will be peer-reviewed, revision controlled via git or svn and executed by the appropriate puppet/chef client.
You must always face the curtain with a bow.
- 02-15-2013 #3
- Join Date
- Jan 2005
- Saint Paul, MN
Scripts cannot use the "SUID" bit as they cannot call the Unix standard setuid function (see man 2 setuid) and as such cannot ever be run as a setuid program (yes, this is by design, as running shell scripts with setuid isn't very safe). However, you can allow a specific command (including scripts) to be run by a user via sudo with proper configuration.
- 02-17-2013 #4
If you have root access then edit /etc/sudoers file and add this in the last line
Edit your script as
# Prompt for the new account name, then create it and set its password via sudo
read -p "Enter Username: " user
sudo /usr/sbin/useradd "$user"
sudo /usr/bin/passwd "$user"
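An added example, not part of any post in this thread: a root-owned wrapper that narrows the sudo approach from replies #2 and #4, so the delegated user can create only ordinary accounts and cannot pass options such as a UID to useradd. The install path, the sudoers entry and the account name "alice" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical install path:
#   /usr/local/sbin/adduser-restricted   (owner root:root, mode 0755)
# Assumed sudoers entry, added with visudo ("alice" is a placeholder account):
#   alice ALL=(root) /usr/local/sbin/adduser-restricted
LC_ALL=C; export LC_ALL          # make [a-z] mean ASCII lowercase only

# Return 0 only for a conservative login name: first character a lowercase
# letter or '_', the rest lowercase letters, digits, '_' or '-', max 32 chars.
valid_username() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 32 ] || return 1
    case $name in
        [!a-z_]*)      return 1 ;;   # leading '-', digit, uppercase, ...
        *[!a-z0-9_-]*) return 1 ;;   # whitespace, ':', '/', newline, ...
    esac
    return 0
}

# Create an ordinary account. The option list is fixed here, so the caller
# cannot choose the UID, groups or home directory.
create_user() {
    valid_username "$1" || { echo "rejected username" >&2; return 64; }
    # '--' ends option parsing; passwd runs only if useradd just created
    # the account, so it can never be pointed at an existing user.
    /usr/sbin/useradd -m -s /bin/bash -- "$1" && /usr/bin/passwd -- "$1"
}

# Act only when a name is given: sudo /usr/local/sbin/adduser-restricted NAME
if [ "$#" -gt 0 ]; then
    [ "$#" -eq 1 ] || { echo "usage: $0 USERNAME" >&2; exit 64; }
    create_user "$1"
fi
```

The sudoers rule names only the wrapper, not useradd or passwd themselves, so the validation cannot be bypassed by calling those binaries directly through sudo.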