Re: Shell Script and SUID?



Well, thank you, Tom and Keith.
I've checked the man page of 'passwd' and it actually has the option
'--stdin', which tells the command to accept the new password from standard
input just once, making it easy to automate things.

Regarding my SUID problem, I'll take a look at SUDO. Thanks for your
suggestion.

Vidol

----- Original Message -----
From: Keith Winston <kwinston twmi rr com>
To: <psyche-list redhat com>
Sent: Friday, April 18, 2003 6:53 PM
Subject: Re: Shell Script and SUID?


> Loeung Vidol wrote:
> > Hi all:
> >
> > Can I set SUID to a shell script that looks like the following:
> > ---------------------
> > #!/bin/bash
> >
> > #Name: add4all.sh
> > #Usage: add4all.sh username password
> >
> > /usr/sbin/useradd "$1"
> > /bin/echo "$2" | /usr/bin/passwd --stdin "$1"
> > ------------------------
> >
> > so that any user can use it?
> >
> > Well, it's not really important but I'd like to know if it can be done.
>
> Other than your script having errors (there is no --stdin option AFAIK),
> you can set the SUID bit on any executable, including a shell script and
> it will run as root, allowing anyone who can execute the script to use it.
>
> Of course, it is very dangerous to do this, because once you get the
> script working above, anyone could change the root password and own your
> machine.  Generally, SUID programs/scripts are a bad idea.  Look at the
> sudo command if you want to share some admin responsibilities without
> sharing root.
>
> Best Regards,
> Keith
> --
> LPIC-2, MCSE, N+
> Droplets of yes and no in an ocean of maybe
> Got spam? Get spastic http://spastic.sourceforge.net
>
>
>
> --
> Psyche-list mailing list
> Psyche-list redhat com
> https://listman.redhat.com/mailman/listinfo/psyche-list
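
The sudo route suggested in the thread, as an added example (not code from any of the posters): a root-owned wrapper without the SUID bit, exposed to a chosen group through a sudoers rule. The script name, path, `helpdesk` group and username policy are assumptions; `passwd --stdin` is the option discussed above.

```shell
#!/bin/bash
# add4all-sudo.sh (hypothetical name): root-owned, mode 0755, no SUID bit.
# Assumed sudoers rule, added with visudo (group and path are placeholders):
#   %helpdesk ALL=(root) /usr/local/sbin/add4all-sudo.sh
# Usage: sudo /usr/local/sbin/add4all-sudo.sh USERNAME   (password on stdin,
# because command-line arguments are visible to other users in ps output)
LC_ALL=C; export LC_ALL   # make the [a-z] ranges below byte-exact

# Assumed policy: lowercase letter or _ first, then a-z 0-9 _ -, 32 chars max.
valid_username() {
    local name="$1"
    [ "$name" != "root" ] || return 1
    [ "${#name}" -le 32 ] || return 1
    case "$name" in
        [a-z_]*) ;;
        *) return 1 ;;          # empty, or starts with "-", a digit, ...
    esac
    case "$name" in
        *[!a-z0-9_-]*) return 1 ;;   # shell metacharacters, spaces, uppercase
    esac
    return 0
}

add_user() {
    local name="$1" password=""
    valid_username "$name" || { echo "refusing account name" >&2; return 2; }
    # Create-only: an existing account (root included) never gets a new password.
    if getent passwd "$name" >/dev/null; then
        echo "account already exists: $name" >&2
        return 3
    fi
    IFS= read -r password || true
    [ -n "$password" ] || { echo "empty password on stdin" >&2; return 4; }
    /usr/sbin/useradd "$name" || return 5
    printf '%s\n' "$password" | /usr/bin/passwd --stdin "$name"
}

# Run only when a username argument was given.
if [ "$#" -gt 0 ]; then
    add_user "$1"
    exit $?
fi
```

sudo records who ran the wrapper and with which arguments in its log, which a SUID script would not provide.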