Rainer Stratmann wrote:
What works is an entry in the sudoers file. And then the program/script you can call with root rights.
I hope this is for something that will only ever run on your own machine, because unless you take a lot of precautions (hardcoding a set of *absolute* paths to scripts that may be executed this way like Michael mentioned can help, but only if you can guarantee none of these locations can be overwritten, symlinked to somewhere else or substituted through mounting), this is a security disaster waiting to happen.
A lot of security holes in various Unix-like OSes happen through abuse of setuid helpers or helper programs executed as root. If you really need to do something as root, having a small setuid binary that can only do this one thing is much safer than invoking a general purpose shell that can do anything. You can find a very basic overview of some issues at https://developer.apple.com/library/mac/documentation/OpenSource/Conceptual/ShellScripting/ShellScriptSecurity/ShellScriptSecurity.html .
If everything mentioned there isn't completely obvious to you, please do not distribute any program that invokes shell scripts as root before you familiarise yourself very thoroughly with security at the Unix/shell level. And even if it is, ask yourself whether there is no safer way to achieve the same results.
Jonas _______________________________________________ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
