RunAs = sudo
--Ariel
Noam Rathaus wrote:
Hi Yedidyah,
See below
On Thu, Apr 23, 2009 at 12:34 PM, Yedidyah Bar-David
wrote:
Hi Noam,
On Thu, Apr 23, 2009 at 12:08:21PM +0300, Noam Rathaus wrote:
Hi Yedidyah,
This "stupid" - in my opinion - restriction also applies to perl scrip
On 23.04.2009 Shachar Shemesh wrote:
> Oron Peled wrote:
> >
> > There's a reason why the kernel does not respect suid/sgid bit on shell
> > scripts -- It's because there are gazillions of ways a user can use
> > this script to gain total root access.
> >
> Name two?
Numero uno:
--- cut ---
2009/4/23 Oleg Goldshmidt :
> Oron Peled writes:
>
>> On 23.04.2009 Yedidyah Bar-David wrote:
>>> 'sudo' is what you want.
>>
>> Why bother? It's easier to simply give those users the root password
>> as the result would be the same anyway.
>
> Eh? You can sudo this particular script for a particu
Oron Peled writes:
> On 23.04.2009 Yedidyah Bar-David wrote:
>> 'sudo' is what you want.
>
> Why bother? It's easier to simply give those users the root password
> as the result would be the same anyway.
Eh? You can sudo this particular script for a particular user or group
and make it non-modif
Hi Shachar,
Ok, I will try it out, though as I mentioned in sample I run from this
perl, another perl script that is setuid.
On Thu, Apr 23, 2009 at 2:13 PM, Shachar Shemesh wrote:
> Noam Rathaus wrote:
>
> Hi Shachar,
>
> Thanks for the response.
>
> I am using here Debian 5.0 and I still get t
On Thu, Apr 23, 2009 at 02:01:29PM +0300, Noam Rathaus wrote:
> Hi Yedidyah,
>
> 1) It doesn't run => shows error => stops
> 2) Under root it works => no error => works
> 3) Should I test it under another user? :)
Yes, that's what I meant. Sorry.
--
Didi
___
Noam Rathaus wrote:
Hi Shachar,
Thanks for the response.
I am using here Debian 5.0 and I still get the problem even if I:
1) setuid the file to be setuid root
2) change the perl interpreter at the top of the script from perl to
suidperl (they are the same symbloic link, but I tried it anyhow)
>> 'sudo' is what you want.
>
> Why bother? It's easier to simply give those users the root password
> as the result would be the same anyway.
>
Sudo uses the user's password, not root's. Don't let the *buntu
version of sudo mislead you: sudo can be used to give specific users
specific privileges,
Hi Yedidyah,
1) It doesn't run => shows error => stops
2) Under root it works => no error => works
3) Should I test it under another user? :)
On Thu, Apr 23, 2009 at 1:51 PM, Yedidyah Bar-David
wrote:
> On Thu, Apr 23, 2009 at 01:22:43PM +0300, Noam Rathaus wrote:
>> Hi Yedidyah,
>> > I guess
On Thu, Apr 23, 2009 at 01:22:43PM +0300, Noam Rathaus wrote:
> Hi Yedidyah,
> > I guess there are other ways to do this, but that's how it is in unix.
> > As far as I know, Windows does not have something similar at all - if
> > you want there to run some program as another user, you have to do mu
Noam Rathaus wrote:
Hi Shachar,
Thanks for the response.
I am using here Debian 5.0 and I still get the problem even if I:
1) setuid the file to be setuid root
2) change the perl interpreter at the top of the script from perl to
suidperl (they are the same symbloic link, but I tried it anyhow)
Hi Shachar,
Thanks for the response.
I am using here Debian 5.0 and I still get the problem even if I:
1) setuid the file to be setuid root
2) change the perl interpreter at the top of the script from perl to
suidperl (they are the same symbloic link, but I tried it anyhow)
So I guess something
Noam Rathaus wrote:
not to
mention the fact that if this perl script or c program wrapper is then
called from Apache the restriction still applies and I haven't been
able to get around it.
At least on my system, perl installs a suid helper that does this for
you. You just mark the per
Hi Yedidyah,
See below
On Thu, Apr 23, 2009 at 12:34 PM, Yedidyah Bar-David
wrote:
> Hi Noam,
>
> On Thu, Apr 23, 2009 at 12:08:21PM +0300, Noam Rathaus wrote:
>> Hi Yedidyah,
>>
>> This "stupid" - in my opinion - restriction also applies to perl script.
>
> This is a free country, you know. You
Hi Noam,
On Thu, Apr 23, 2009 at 12:08:21PM +0300, Noam Rathaus wrote:
> Hi Yedidyah,
>
> This "stupid" - in my opinion - restriction also applies to perl script.
This is a free country, you know. You are entitled have your own
opinion. As I exaplained below, the main problem with setuid scripts
Hi Yedidyah,
This "stupid" - in my opinion - restriction also applies to perl script.
And there they also recommend using a C program that will be setuid
that will run the perl script.
This is of course an over-complicated manner of doing things, not to
mention the fact that if this perl script
On Thu, Apr 23, 2009 at 11:31:38AM +0300, Shachar Shemesh wrote:
>
> Oron Peled wrote:
>>
>> There's a reason why the kernel does not respect suid/sgid bit on shell
>> scripts -- It's because there are gazillions of ways a user can use
>> this script to gain total root access.
>>
> Name two?
Th
Oron Peled wrote:
There's a reason why the kernel does not respect suid/sgid bit on shell
scripts -- It's because there are gazillions of ways a user can use
this script to gain total root access.
Name two?
Maybe writing a wrapper suid program that totally sanitize
both the environment an
On Thu, Apr 23, 2009 at 08:56:45AM +0300, Erez D wrote:
> i have a bush script i want to be run with root permisions, no matter
> which user executes it.
>
> if it was a binary, i would only need set it suid root.
>
> but as it is a bash script, suid-ing it doesn't do anything, and suid-ing
> /bi
--- On Thu, 4/23/09, Erez D wrote:
> From: Erez D
> Subject: suid root - bash script
> To: "linux-il"
> Date: Thursday, April 23, 2009, 8:56 AM
> hi
>
> i have a bush script i want to be run with root permisions,
> no matter which user executes it.
>
On Thu, Apr 23, 2009 at 08:56:45AM +0300, Erez D wrote:
> hi
>
> i have a bush script i want to be run with root permisions, no matter which
> user executes it.
>
> if it was a binary, i would only need set it suid root.
>
> but as it is a bash script, suid-ing it doesn't do anything, and suid-i
hi
i have a bush script i want to be run with root permisions, no matter which
user executes it.
if it was a binary, i would only need set it suid root.
but as it is a bash script, suid-ing it doesn't do anything, and suid-ing
/bin/bash itself will make all scripts run suid root, which is surly
22 matches
Mail list logo
