Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Use suid permissions' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Use suid permissions
Authored by: KOHb on Nov 27, '02 12:47:37PM
You could instead create a script that assumes root-priviliges when run by using the suid permission.
  1. Create a script, say, "fixperms.sh". Have it contain:
    #!/bin/sh diskutil repairPermissions /
  2. Make the script executable by typing "chmod ugo+x fixperms.sh"
  3. Change the script's owner to be root "sudo chown root fixperms.sh"
  4. Make the script assume root's UID when executed: "sudo chmod u+s fixperms.sh"
  5. Put this script in your crontab, as the hint suggests.
The "s" permission means that the script will run with the owner's permissions, as opposed to yours. "man chmod" might explain things.

It's also perfectly reasonable to put "diskutil repairPermissions /" in root's crontab. Root's crontab is in /etc/crontab, or you can create a script and put it in /etc/periodic/daily

The point is---there's absolutely no reason to ever store your password in plaintext on your machine.

[ Reply to This | # ]

Use suid permissions
Authored by: mervTormel on Nov 27, '02 02:17:25PM

{groan}

there are also huge security issues with making shell scripts SUID and SGID executable. a very secure kernel is compiled to disallow this. earlier versions of Mac OS X apologized and failed when one tried to SUID/SGID a shell script.

make darn sure owner:group is root:wheel and make darn sure there is no write access!

darnit! make darn sure you don't approach this with a cavalier attitude! in fact, other solutions should be considered first! it's just too easy to get careless and forget about this kind of stuff; it constitutes another maintenance issue on your plate that you should and need to monitor closely.



[ Reply to This | # ]