[Tfug] scripting

[R351574NC3]

Patrick Fristoe wrote:

>--- R351574NC3 <leo@leosandbox.org> wrote:
>  
>
>>Patrick,
>>
>>Perhaps another thing you could do is give suid
>>access to a certain 
>>group and then add whatever users you want to
>>execute the 'dip' program 
>>to that group. That would be less configuring, but
>>you would not benefit 
>>from sudo's logging facilities.
>>
>>    
>>
>I have given the dip program the group id of uucp, and
>thus I can also assign uucp to who ever I want to on
>my server, but that does not help when the dip tries
>to run the lock on the modem. The system still replies
>with permission denied.
>
This is because you need a script that is only executable by the uucp 
group and also is suid, thus when executed attains the uid 0 (root) and 
giving the appearance of a root execution. No logging though. Just needs 
the suid sticky bit I believe (only settable by root).

>
>=====
>Patrick Fristoe
>pfristoe@yahoo.com
>Tucson, Arizona
>
>__________________________________________________
>Do you Yahoo!?
>Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
>http://mailplus.yahoo.com
>_______________________________________________
>tfug mailing list
>tfug@tfug.org
>http://www.tfug.org/mailman/listinfo/tfug
>  
>