A root script that others can run

Status
Not open for further replies.

billy1

Technical User
Sep 16, 2002
73
IE
I have a script owned by root which does various things including running 'rmuser -p' and 'su - <another user>'. I can run this script as root and it works fine. I thought that to be able to let others run it I could set the permissions using an ACL file and specifying the userid's I need to be able to run it. The permissions on the file are as follows:
-r-s--x--x 1 root system rmuser_pms.sh

But on testing it out running it as one of the ACL userid's, rmuser won't execute and when running su it prompts for a password.

Any ideas on how to get this working or is it even possible ?


 
You cannot make a script suided. To deal with this, you need to have an executable which is suided to call the script. You could write a fairly simple C program which calls this script and put the s bit on the compiled program.

Dave
 
Dave, I think you are correct. I remember seeing that before. By writing a C program, compiling it and then attaching the ACL rights to this script which calls my shell script it will run. I'll have to look up the old C books. Thanks !
 
Ok, I've written a C program which has compiled and it runs the script successfully. 'rmuser' within the script runs grand but the 'su - <other userid>' doesn't. It's still prompting for a password. Any ideas?
 
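#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>   /* setuid(), setgid() */

int main(void) {
    char user_name[20];
    char cmd[40];

    /* With the s bit set and root as owner, make the real UID/GID root as well. */
    setuid(0);
    setgid(0);

    printf("Enter user to su or remove: ");
    gets(user_name);   /* unbounded read: the call the compiler warns about */
    sprintf(cmd, "/usr/bin/rmuser %s", user_name);
    system(cmd);       /* the typed name is passed through a shell as root */
    return 0;
}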


Your compile may balk that gets is unsafe, but this is a quick and dirty C program to do what you want. It could be further enhanced to check the user to see if they are allowed to execute it and could/should include error checking.
 
I just added setuid(0) to my existing script and that did the trick. Many thanks to all !
 
I would agree with alexhu, sudo is an easy and highly configurable solution to this problem.

crowe
 