Newsgroups: comp.os.linux.misc
> I have written a PERL script to prompt for a username and password. It then adds the user to the system. The problem I am having is that the user running the script is not root. Is there a way to get the PERL script to run as root, by someone other than root?
(It is not spelled "PERL".) If you have suidperl installed, you can make the script run with root's permissions by making it owned by root, then turning on the setuid bit with "chmod u+s /path/to/script". You may want to take away the permission of any user to run it ("chmod o-x /path/to/script") and put the authorized users and the script in a special group.
Notes:
Paul Kimoto
> It is too hard to write secure setuid shell scripts. Accordingly, Linux ignores the setuid bit on scripts.
Not true.
Linux ignores the setuid bit, because the current method of invoking a script allows for a race condition. This has been solved on other Unix systems (like, say, Solaris) by invoking the interpreter and passing it an open file handle to the script instead of the name of it, breaking the race condition.
From the perlsec man page:
hint: symbolic links and an suid script make it trivial to run any program as the owner of the suid script on such systems, of which Linux is one. Set up a symlink like foo->/sbin/rootly, where rootly is an suid script. Then run 'foo'… if you're quick and can point foo at myrootshell between the time the kernel decides to run perl (or sh or any other #!'ist script), myrootshell will run as root… even though it's not suid.
Brian Moore
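
Added example, not part of the original posts: a Python sketch of why passing the interpreter an open file handle instead of a name breaks the race described above. Once the script is opened, checks and reads made on the descriptor keep referring to that file even if the name is re-pointed afterwards; all file names are constructed for the demo.

```python
import os
import tempfile


def demo():
    """Open a script through a symlink, re-point the symlink, then compare
    what the open descriptor refers to with what the name now refers to."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed sample files; all names here are hypothetical.
        checked = os.path.join(d, "checked.sh")
        other = os.path.join(d, "other.sh")
        link = os.path.join(d, "link")
        for path, word in ((checked, "checked"), (other, "other")):
            with open(path, "w") as f:
                f.write("#!/bin/sh\necho " + word + "\n")
        os.symlink(checked, link)

        def ident(st):
            return (st.st_dev, st.st_ino)

        # Open once, then inspect the descriptor rather than the name.
        fd = os.open(link, os.O_RDONLY)
        try:
            via_fd = os.fstat(fd)
            # The name changes after the open (atomic rename of a new link).
            os.symlink(other, link + ".new")
            os.replace(link + ".new", link)
            via_name = os.stat(link)
            text = os.read(fd, 4096).decode()
            return {
                "fd_is_checked_file": ident(via_fd) == ident(os.stat(checked)),
                "name_is_other_file": ident(via_name) == ident(os.stat(other)),
                "read_via_fd": text,
            }
        finally:
            os.close(fd)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, repr(value))
```

A loader that decides on privileges from the name and then lets the interpreter reopen the name can end up with two different files; one that checks and reads through the same descriptor cannot.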