Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Run SUID shell scripts safely' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Run SUID shell scripts safely
Authored by: kamath on Apr 19, '05 05:54:10PM

Sigh.

I wish people would stop recommending "yet another way" to "fix" this.

Everything you need is already here.

First off, if you wish to turn this back on, more power to you. Hope you're the only one running on your machine.

Second, just use sudo. If you *REALLY* need setuid scripts (most people don't), you can do the following (reasonably safely) instead:

Open Terminal
type 'sudo visudo' (yeah, you need to be root to edit the file that allows ou to be root. ;-)).
At the bottom, add a line like so:

<username> NOPASSWD:/path/to/your/scripts/*

where <username> is your "short name"
save the file.

Now, you can type 'sudo scriptname' (assuming your script is in /path/to/your/scripts, and that that path is in your PATH).

You can even put 'sudo scriptname' in your non-setuid shell script.

(A somewhat slightly more secure version of this is to use a command alias for your scripts:

Cmd_Alias SUID_SCRIPTS /path/to/script1, /other/script, etc
<username> ALL=NOPASSWD: SUID_SCRIPTS

run 'man sudoers' and peruse the examples. . .)




[ Reply to This | # ]