Thanks to Terry Garnder, Larye Parkins, Rich Teer, Dave Mitchell, & Walter Huekels.

General consensus: A script losing the setuid bit when edited by non-root users is normal behavior.

Helpful tips:

Larye Parkins wrote:
====================
Instead of setuid scripts, normally cautious types use a wrapper, which is a small compiled program that, using setuid privilege, executes a shell script which is only readable/executable by the setuid user.

A simple setuid wrapper, from the perlsec man page:

    #include <unistd.h>

    #define REAL_PATH "/path/to/script"

    /* Setuid wrapper: exec the real script, passing the arguments through. */
    int main(int ac, char **av)
    {
        (void)ac;
        execv(REAL_PATH, av);
        return 1;   /* reached only if execv fails */
    }

The wrapper is setuid, the script isn't, so the script owner can edit away. However, the script must be protected from compromise, since the wrapper will run whatever is at the target location.
====================

Walter Heukels wrote:
Use vim, which is better in every respect and doesn't mess up the permissions.
====================

Thanks for all of the responses.

bfg

-----Original Message-----
From: Ben Green [mailto:awk@carolina.rr.com]
Sent: Wednesday, July 16, 2003 5:07 PM
To: 'sunmanagers@sunmanagers.org'
Subject: Silly Little Question about SETUID

Fellow managers,

I have been living the superuser lifestyle too long. On one of my servers, I recently helped a non-privileged user set the setuid bit on a shell script. I used vi on it as root to make a small fix to it and it continued to work. However, when the owner of the shell script edits the file with vi, writing the changes to disk causes the setuid bit to go away. The user then has to chmod u+s on the file to get it back.

Maybe I missed this during some discussion years ago, or maybe I have been doing things as root so much that I have forgotten how the common user's shell life goes.

Why is this happening?

Ben Green
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

Received on Fri Jul 18 20:53:15 2003
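The caveat in the summary above (the wrapper runs whatever sits at the target location) can be enforced in the wrapper itself. The following is an added example, not code from the posts or from the perlsec man page: script_is_safe() is a hypothetical helper, REAL_PATH is the same placeholder the quoted wrapper uses, and the environment values are assumptions chosen for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define REAL_PATH "/path/to/script"   /* placeholder, as in the quoted wrapper */

/* Hypothetical helper: return 0 only if `path` is a regular file (not a
 * symlink) owned by `owner` and not writable by group or other; else -1. */
int script_is_safe(const char *path, uid_t owner)
{
    struct stat st;

    if (lstat(path, &st) != 0)              /* lstat, so a symlink is not followed */
        return -1;
    if (!S_ISREG(st.st_mode))               /* rejects symlinks, devices, directories */
        return -1;
    if (st.st_uid != owner)                 /* must belong to the setuid user */
        return -1;
    if (st.st_mode & (S_IWGRP | S_IWOTH))   /* nobody else may rewrite it */
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    /* Fixed, minimal environment (assumed values): the invoking user's
     * PATH, IFS, ENV and LD_* variables never reach the privileged shell. */
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };
    (void)argc;

    /* In a setuid wrapper the effective uid is the setuid user. */
    if (script_is_safe(REAL_PATH, geteuid()) != 0) {
        fprintf(stderr, "wrapper: refusing to run %s\n", REAL_PATH);
        return 1;
    }
    execve(REAL_PATH, argv, clean_env);
    perror("execve");                       /* reached only if execve fails */
    return 1;
}
```

The check and the exec are separate steps, so the directory holding the script must also be writable only by the setuid user; otherwise the file can be swapped between the two.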