Hello Yogesh,

One possible suggestion ...

You could create a special "group" having only the "perl script uid" as part of that group. Then change the group of the binary executable files to this group, and ensure the binary executables are only user & group executable, i.e. maximum permission 4750.

Alternatively, you could also use ACLs (if available) and give specific execute access to the "perl script uid", denying others any privilege. Check the setfacl/getfacl man pages for more details on setting up ACLs.

This would ensure that these binary executables are only readable/executable by root and/or the "perl script uid", and hence are at a lower security risk.

Regards,
Mustafa M.

----- Original Message -----
From: Yogesh Sawant <[EMAIL PROTECTED]>
Date: Friday, October 8, 2004 3:05 pm
Subject: [PLUG] Getting root privilege: Please help

> Hi guys
>
> I am writing some Perl scripts. I was facing a problem.
> Fortunately, I have found a workaround. But I am interested to know
> if there can be a better solution.
>
> Problem was: The scripts are running not as root user (and this
> can't be changed). But at some places I want to do operations that
> require root privilege. The operations are of two types: (1) reading
> and writing to files that are owned by root and (2) executing
> commands (for example, postcat) that require root privilege. I have
> no idea how this can be done in Perl. The workaround that I have
> managed is, I have created binary executable files using C.
> I invoke the binary executable file from the Perl script. In C code, I do
> suid (0);
> This gives root privilege and then I do whatever operation is
> required. But I have to set the suid bit on for the binary executable
> file using chmod u+s <filename>. Also, that file must be owned by
> root. I am concerned about security.
> Does anyone know a better solution? Kindly enlighten me upon this.
>
> Thanks in advance
> Yogesh
--
______________________________________________________________________
Pune GNU/Linux Users Group Mailing List: ([EMAIL PROTECTED])
List Information: http://plug.org.in/mailing-list/listinfo/plug-mail
Send 'help' to [EMAIL PROTECTED] for mailing instructions.
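
An added example, not part of the thread: a shell check that a setuid helper matches the layout suggested in the reply (expected owner, dedicated group, no permission bit beyond 4750). The function name and its arguments are hypothetical, and it assumes GNU coreutils `stat` with the `-c` option.

```shell
#!/bin/sh
# Added example (not from the thread). check_suid_helper and its
# arguments are hypothetical names; assumes GNU coreutils stat (-c).

# check_suid_helper FILE GROUP [OWNER]
# Returns 0 if FILE is a regular file owned by OWNER (default: root),
# has group GROUP, and carries no permission bit beyond 4750.
# Returns 1 on a policy violation, 2 if FILE cannot be inspected.
check_suid_helper() {
    file=$1
    want_group=$2
    want_owner=${3:-root}
    rc=0

    # Refuse symlinks and non-regular files: only the helper itself counts.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "$file: not a regular file" >&2
        return 2
    fi

    mode=$(stat -c '%a' "$file") || return 2    # octal, e.g. 4750
    owner=$(stat -c '%U' "$file") || return 2
    group=$(stat -c '%G' "$file") || return 2

    [ "$owner" = "$want_owner" ] ||
        { echo "$file: owner is $owner, expected $want_owner" >&2; rc=1; }
    [ "$group" = "$want_group" ] ||
        { echo "$file: group is $group, expected $want_group" >&2; rc=1; }

    # Any bit outside 4750 fails: world access, group write, setgid, sticky.
    extra=$(( 0$mode & ~04750 & 07777 ))
    [ "$extra" -eq 0 ] ||
        { printf '%s: mode %s exceeds 4750 (extra bits %o)\n' \
              "$file" "$mode" "$extra" >&2; rc=1; }

    return "$rc"
}

# Stand-alone use: sh check.sh FILE GROUP [OWNER]
if [ "$#" -ge 2 ]; then
    check_suid_helper "$@"
fi
```

Files granted access through `setfacl` need a separate review with `getfacl`, since ACL entries are not visible in the mode bits checked here.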