
Re: forcing a shell script to run a specific user?

Charles Menzes said:
> is there any way to force a shell script to run as a specific user despite
> who actually initiates it?

No.  Setuid shell scripts are inherently insecure, and no modern Unix
allows them.  You'll either have to write a wrapper, or use something
like sudo.

A wrapper could be something as simple as the following:

    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>

    /* Make sure this is an absolute path. */
    #define SCRIPT "/path/to/script"

    int main(void)
    {
        /* Minimal, fixed environment; nothing is inherited from the caller. */
        char *safe_envp[] = {"SHELL=/bin/sh", "PATH=/bin:/usr/bin", NULL};

        /* execle() only returns on failure. */
        if (execle(SCRIPT, SCRIPT, (char *)NULL, safe_envp) == -1)
            perror("execle(" SCRIPT ") failed");

        return 1;
    }

Still, keep in mind that this is generally not considered a very safe
thing to do, so be careful...

steve@silug.org           | Linux Users of Central Illinois
(618)398-7320             | Meetings the 4th Tuesday of every month
Steven Pritchard          | http://www.luci.org/ for more info