Re: forcing a shell script to run a specific user?
Charles Menzes said:
> is there any way to force a shell script to run as a specific user despite
> who actually initiates it?
No. Setuid shell scripts are inherently insecure, and no modern Unix
allows them. You'll either have to write a wrapper, or use something
like sudo.
A wrapper could be something as simple as the following:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Make sure this is an absolute path. */
#define SCRIPT "/path/to/script"

int main(void)
{
    /* Minimal fixed environment; nothing is inherited from the caller. */
    char *safe_envp[] = {"SHELL=/bin/sh", "PATH=/bin:/usr/bin", NULL};

    /* execle() only returns if the exec failed. */
    if (execle(SCRIPT, SCRIPT, (char *)NULL, safe_envp) == -1)
    {
        perror("execle(" SCRIPT ") failed");
        exit(EXIT_FAILURE);
    }
    return 1;
}
Still, keep in mind that this is generally not considered a very safe
thing to do, so be careful...
Steve
--
steve@silug.org | Linux Users of Central Illinois
(618)398-7320 | Meetings the 4th Tuesday of every month
Steven Pritchard | http://www.luci.org/ for more info
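
An added example, not part of the original post: a variant of the wrapper above that checks the script before running it and sets the real IDs to match the effective ones. It assumes the script should be owned by the wrapper's effective UID; script_is_safe is a name introduced here, and SCRIPT is still a placeholder path.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Placeholder from the post: must be an absolute path. */
#define SCRIPT "/path/to/script"

/* Return 1 only if path is absolute and names a regular file (not a
 * symlink) owned by `owner` that group and others cannot write.
 * Limits: parent directories are not checked, and the file could be
 * swapped between this check and the exec. */
int script_is_safe(const char *path, uid_t owner)
{
    struct stat st;

    if (path == NULL || path[0] != '/')
        return 0;                        /* relative paths depend on cwd */
    if (lstat(path, &st) == -1)          /* lstat: do not follow a symlink */
        return 0;
    if (!S_ISREG(st.st_mode) || st.st_uid != owner)
        return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return 0;                        /* someone else could edit it */
    return 1;
}

int main(void)
{
    char *safe_envp[] = {"SHELL=/bin/sh", "PATH=/bin:/usr/bin", NULL};
    uid_t uid = geteuid();               /* owner of the setuid wrapper */
    gid_t gid = getegid();

    if (!script_is_safe(SCRIPT, uid)) {
        fprintf(stderr, "refusing to run " SCRIPT "\n");
        return EXIT_FAILURE;
    }
    /* Make the real IDs match the effective ones (group first): bash,
     * for one, resets the effective UID to the real UID at startup
     * unless it is started with -p. */
    if (setregid(gid, gid) == -1 || setreuid(uid, uid) == -1) {
        perror("setregid/setreuid");
        return EXIT_FAILURE;
    }
    execle(SCRIPT, SCRIPT, (char *)NULL, safe_envp);
    perror("execle(" SCRIPT ") failed");  /* reached only on failure */
    return EXIT_FAILURE;
}
```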