SEO

#1 (**permalink**) 01-18-2008, 06:08 PM

All,

I am having trouble to port some scripts (written in ksh) from Solaris
to Linux, because Linux
disables setuid scripts on purpose but all my scripts rely on this
feature!

I understand that there are security holes with setuid scripts, but
that is not my concern.

I wonder, is there any way to enable the setuid scripts? Can I do it by
re-compiling the kernel, turning some flag on?

--
B.Y.

#2 (**permalink**) 01-18-2008, 06:08 PM

bianying@gmail.com wrote:

> All,
>
> I am having trouble to port some scripts (written in ksh) from Solaris
> to Linux, because Linux
> disables setuid scripts on purpose but all my scripts rely on this
> feature!

Poorly written then.

>
> I understand that there are security holes with setuid scripts, but
> that is not my concern.

It should be. Poor security practices on your part can cause problems for
EVERYONE on the net. If you get in bad habits and don't learn the correct
way to do what you want, then those habits will translate to servers and
system where it DOES matter.

>
> I wonder, is there any way to enable the setuid scripts? Can I do it by
> re-compiling the kernel, turning some flag on?

Learn to use suid correctly. You should be able to figure out how to set the
permissions and the suid on the binary commands that are run by the script
to accomplish what you want even if you

>
> --
> B.Y.

--

Dan C. Gets caught apparently Plagiarizing:
Message ID: <3ab7l3-tnl.ln1@alta.sierrandays.org>
Yeah, this is the type critical of me!

#3 (**permalink**) 01-18-2008, 06:08 PM

On 2006-06-27, bianying@gmail.com <bianying@gmail.com> wrote:
> I wonder, is there any way to enable the setuid scripts?

Not that I know, the simples solution is to use sudo from the inside of
your scripts.

Davide

--
Reset button? Which reset button? - Linux, the OS that never sleeps.
-- Havlik Denis

#4 (**permalink**) 01-18-2008, 06:08 PM

<bianying@gmail.com> wrote in message
news:1151397533.152658.284240@x69g2000cwx.googlegr oups.com...
> All,
>
> I am having trouble to port some scripts (written in ksh) from Solaris
> to Linux, because Linux
> disables setuid scripts on purpose but all my scripts rely on this
> feature!

Heh. Heh-heh-heh-heh. I'm sorry for your need to do the work, but honestly,
you get what you deserve for doing that.

> I understand that there are security holes with setuid scripts, but
> that is not my concern.

See above.

> I wonder, is there any way to enable the setuid scripts? Can I do it by
> re-compiling the kernel, turning some flag on?

Conceivable. I've never even considered it, but you're welcome to go looking
for it. Like trying to drive without brake lights, it just seems so
hazardous that few people will encourage you to do it.

You should b e able use "sudo" to allow any or all users to execute those
scripts as root, instead of making them suid.

#5 (**permalink**) 01-18-2008, 06:08 PM

bianying@gmail.com wrote in
news:1151397533.152658.284240@x69g2000cwx.googlegr oups.com:

> All,
>
> I am having trouble to port some scripts (written in ksh) from Solaris
> to Linux, because Linux
> disables setuid scripts on purpose but all my scripts rely on this
> feature!
>
> I understand that there are security holes with setuid scripts, but
> that is not my concern.
>
> I wonder, is there any way to enable the setuid scripts? Can I do it
> by re-compiling the kernel, turning some flag on?
>
> --
> B.Y.
>

You generally turn the group/user execute bit on along with chowning it
to that user/group. If you don't know what chown and chmod are, then you
are in over your head and need to read the manual pages for both.

--
(setq (chuck nil) car(chuck) )

#6 (**permalink**) 01-18-2008, 06:09 PM

On 28 Jun 2006, in the Usenet newsgroup comp.os.linux.setup, in article
<Xns97EFB827EFCB0chucknilcar@85.227.11.7>, chuckcar wrote:

>bianying@gmail.com wrote

>> I am having trouble to port some scripts (written in ksh) from Solaris
>> to Linux, because Linux
>> disables setuid scripts on purpose

I guess you missed that part of the sentence.

>You generally turn the group/user execute bit on along with chowning it
>to that user/group.

which is great, but why don't you try that on a script. As the O/P
noted, the Linux kernel ignores SUID and SGID scripts.

>If you don't know what chown and chmod are, then you are in over your
>head and need to read the manual pages for both.

You may also need to do some reading, or at least try what you suggest
before posting it.

Old guy

#7 (**permalink**) 01-18-2008, 06:09 PM

ibuprofin@painkiller.example.tld (Moe Trin) wrote in
news:slrnea5o24.p6m.ibuprofin@compton.phx.az.us:

> On 28 Jun 2006, in the Usenet newsgroup comp.os.linux.setup, in
> article <Xns97EFB827EFCB0chucknilcar@85.227.11.7>, chuckcar wrote:
>
>>bianying@gmail.com wrote
>
>>> I am having trouble to port some scripts (written in ksh) from
>>> Solaris to Linux, because Linux
>>> disables setuid scripts on purpose
>
> I guess you missed that part of the sentence.
>
>>You generally turn the group/user execute bit on along with chowning
>>it to that user/group.
>
> which is great, but why don't you try that on a script. As the O/P
> noted, the Linux kernel ignores SUID and SGID scripts.
>
>>If you don't know what chown and chmod are, then you are in over your
>>head and need to read the manual pages for both.
>
> You may also need to do some reading, or at least try what you suggest
> before posting it.
>
> Old guy
>

Funny. I have created my own scripts changed the to execute and they
work fine. And not just as root either - I have one user called chuck -
groups users and another called games - group games the former has run
at least two scripts which I wrote owned by him and his group and set to
execute only by him. What was the point now?

--
(setq (chuck nil) car(chuck) )

#8 (**permalink**) 01-18-2008, 06:09 PM

d and need to read the manual pages for both.
>
> You may also need to do some reading, or at least try what you suggest
> before posting it.
>
> Old guy

Ignore my pervious post - the OP missed an important point about how
things are done, and I didn't even think of it as worthwhile or even
think of the possibility actually.

--
(setq (chuck nil) car(chuck) )

#9 (**permalink**) 01-18-2008, 06:22 PM

chuckcar <chuck@nil.car> wrote:

> Ignore my previous post - the OP missed an important point about how
^^^^^^^^^^^^^^^^^^^^^^^
> things are done, and I didn't even think of it as worthwhile or even
> think of the possibility actually.

I think you mean "I am about to cancel or supersede my previous post".
HTH. HAND.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

SEO

How to enable setuid scripts in Linux?