Gentoo Archives: gentoo-user

From: Richard Fish <bigfish@××××××××××.org>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] non-sudo way for user to run shutdown -h now? (or any equivalent)
Date: Wed, 20 Jul 2005 21:21:06
Message-Id: 42DEBF0F.6020101@asmallpond.org
In Reply to: Re: [gentoo-user] non-sudo way for user to run shutdown -h now? (or any equivalent) by Wade Brown
1 Wade Brown wrote:
2
3 >I thought linux wouldn't allow suid shell scripts to work as suid.
4 >The reasoning is a shell script doesn't quite execute, it gets
5 >interpeted by the command on the first line. Just as a test I made a
6 >simple script modded root.root 4755 that consists of the /bin/bash
7 >line, and cat /etc/shadow. Root can run just fine obviously, but
8 >permissions don't exist for other users to do that.
9 >
10 >
11 >
12
13 Works fine on my machine. /opt/vmware/lib/vmware/bin/vmware-vmx is a
14 setuid shell script that I wrote to startup vmware with the wrapper
15 library to get vmware to work with arts. Also my permissions on that
16 file are 4711, so maybe there is something special about the global read
17 bit? Or possibly dependant upon what LSM modules you have loaded/enabled?
18
19 >What may work a little better is either chmod s+x `which shutdown`, or
20 >writing a C wrapper and modding that s+x.
21 >
22 >
23
24 I agree that the C wrapper is definetly the most secure option.
25
26 -Richard
27
28 --
29 gentoo-user@g.o mailing list