From: Bill Townsley (
Date: Tue Oct 01 1996 - 10:28:07 CDT

OK! Mercy! SUID scripts are a Bad Thing. In fact a Huge Security Hole.
I promise I won't write one or even mention them ever again.

> Sun Managers,
> I've created a Bourne shell script under Solaris 2.4 which basically
> looks for defunct processes and kills them. I'd like the operations
> staff to be able to run this script without requiring the root
> password. Every attempt I've made at making this script SUID has
> failed. Joe User gets a "/bin/sh: kill: permission denied" message.
> The permissions on the script are "-rwsr-xr-x" ie 4755. I assume
> there's more to a SUID script than I'm aware...can anybody help me
> out?


1) you can do suid scripts in Solaris 2.x
2) write a C program (you can do suid execs) that calls the script (a wrapper)
3) do it in Perl/ksh/C
4) run it in cron as root
5) use sudo/wiz/opcomm which allow certain users to execute certain
commands as root in a controlled way.

Many thanks to all the responders for their firm but kind suggestions:
"Nicholas R LeRoy" <>
Jim Ausman <> (Mark S. Anderson)
Martin Espinoza <> (Ken Brownfield)
Nicky Ayoub <Nicky.Ayoub@Microchip.COM> (AMH) (Mark J O'reilly) (Frank Pardo)
Ric Anderson <> (Miquel Cabanas. BBM-UAB)
Rich Kulawiec <> (Ing. Felipe Tribaldos)
Japie Greeff <> (LEMERCIER Laurent)
Trevor Morrison <>
Herbert Wengatz <> (Brett Lymn) (Ray Trzaska)
"David Evans" <>
Mark Belanger <>
Brad Young <>
mshon@sunrock.East.Sun.COM (Michael J. Shon {*Prof Services} Sun Rochester) ( Andy J. Stefancik 237-2164 )
Wanda Perrier <> (Ira Childress) (Jerry Springer)
Richard Pieri <>
Cameron Humphries <> (George P Josilo) (Rich Casto)
Rahul Roy <> ("Michael Salehi x22725")
