• Status: Solved

Even with SUID other users cannot run script

Would like a user to run a script that changes a file permission for her.
These are the file permissions:
-rwsrwsr-t file.sh
But any other user apart from the script owner cannot run the script. This is the error:
chmod: file.sh  Operation not permitted.
This is the script:
#!/usr/bin/sh
find *ttt -perm 640 -print -exec chmod 644 {} \;

Your assistance is appreciated

Mike
Asked by: mngong_rc
2 Solutions
 
Tintin Commented:
Just about all Unix/Linux kernels prevent you using setuid shell scripts because of the security risks.

The best way to handle this is to use sudo.

If you don't already have sudo, you can download it from http://www-03.ibm.com/systems/p/os/aix/linux/toolbox/date.html
 
mngong_rc (Author) Commented:
Just so there is no ambiguity.
User A owns the files. I want user B to run a script
to change the permissions on the files so that she can read the files.
Are you suggesting user B sudo to user A? If that were the case there would be no issue
with user B changing the permissions if they were capable of sudoing to user A.
Ideally this needs to be done with minimal changes, and a cron job that changes the file
permissions every half hour or so appeared to be one option. The idea of SUID seemed to be the least intrusive, though it is starting to look less feasible.
Could be missing something

Thanks

Mike
 
gheist Commented:
sh is always under /bin/ as per POSIX and LSB requirements.

Do you need sudo usage examples besides those in sudoers files?
 
mngong_rc (Author) Commented:
If sudo is the only way to do it, yes.
 
omarfarid Commented:
Please see the link below for sudo:

http://www.gratisoft.us/sudo/man/sudoers.html
 
gheist Commented:
sudo allows you to restrict what commands can be executed as a different user. One can use su, but then the password for the target user or root is necessary, so I'd back the opinion that sudo is the only reasonable option.

The part around "dgb" shows an example that fits your needs.
You change chmod in your script to sudo -u target chmod and it works...
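The sudo approach suggested in the comments above, as an added example that is not part of the original thread: a hardened version of the asker's script, meant to be run as the file owner through one narrowly scoped sudoers rule. The account names userA and userB, the install path /usr/local/bin/fixperms.sh and the directory /data/reports are placeholders, and the example assumes the intent was files whose names end in ttt.

```shell
#!/bin/sh
# Added example, not from the thread. Placeholders: userA (file owner), userB,
# /usr/local/bin/fixperms.sh (install path), /data/reports (file location).
#
# Install root-owned, mode 0755 (not writable by userA or userB), then add one
# rule with `visudo -f /etc/sudoers.d/fixperms`:
#   userB ALL=(userA) /usr/local/bin/fixperms.sh ""
# The trailing "" makes sudo refuse any command-line arguments.
# userB then runs:  sudo -u userA /usr/local/bin/fixperms.sh

# Fixed PATH: do not rely on the caller's environment to locate find/chmod.
PATH=/usr/bin:/bin
export PATH

# Hard-coded absolute directory. The original `find *ttt` expanded the glob in
# whatever working directory the caller happened to be in.
TARGET_DIR=/data/reports

# fix_perms DIR: change regular files named *ttt with mode exactly 640 to 644.
# Prints the path of each file it changed.
fix_perms() {
    dir=$1
    case $dir in
        /*) ;;
        *) echo "fix_perms: absolute path required" >&2; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "fix_perms: $dir is not a directory" >&2; return 2; }
    # -type f skips directories and symlinks (find does not follow them by default).
    # -print placed after -exec lists only files where chmod succeeded.
    find "$dir" -type f -name '*ttt' -perm 640 -exec chmod 644 {} \; -print
}

# Run only where the target exists, so sourcing this file elsewhere is harmless.
if [ -d "$TARGET_DIR" ]; then
    fix_perms "$TARGET_DIR"
fi
```

Because the rule names a single script path with no arguments and a single run-as user, userB gains nothing beyond this one permission change.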
 
mngong_rc (Author) Commented:
Will accept the solution that there is no solution except with sudo.
Since you do not want any user sudoing to a privileged user for the
purpose of running a script. You also do not want to make new entries
to /etc/sudoers only to let users execute a single
script; for that reason a cron job will be scheduled every so often
to do the job.
Thanks to everyone for your input

Mike
 
Tintin Commented:
You asked a question if something was possible, the experts here have told you it wasn't and gave you an alternative of sudo (which you don't want), but that is still an answer.
 
gheist Commented:
That's actually a complete "solution" since all other options do not fit in the cron scenario...
 
mngong_rc (Author) Commented:
Please read the last post

>>Will accept the solution that there is no solution except with sudo >>

Thanks

 
Tintin Commented:
Recommend #3

split between 22955739 & 22963885
 
omarfarid Commented:
Recommends #3