Kirk Bailey <[EMAIL PROTECTED]> writes: > Nope, I wrote a script that simply wran ID as a command and printed > the result, and ran it as my id of howlermo, although it was owned by > root. It wran as howlermo. I then ran it as grumpy. It ran as > grumpy. I then ran it as su, it ran as su. Permission was 755, so > anyone could run it, and w hoever ran it, it ran as; it assumes the id > of the person running it. Hmmm...
Scripts don't honor setuid bits. [For rather important security reasons.] I'd be surprised if there was really a manual page that said otherwise. > Kevin D. Kinsey, DaleCo, S.P. wrote: > > From: "david" <[EMAIL PROTECTED]> > > Subject: Re: Run as owner > > On Friday 29 November 2002 23:30, Kirk Bailey wrote: > > > >>OK, man says to get a script to run as the owner, turn on the 4000 > > bit. > > > >>OK, I did. No such luck, it continues to run as the apache identity > >>'nobody'. > > david: I'm just wondering, why is this a problem? > > I believe it's 'cuz he wants the script to build or destroy > > /etc/mail/aliases......check out some earlier posts under > > different thread names, perhaps. > > Kevin Kinsey > > DaleCo, S.P. > > > > > -- > > end > > Respectfully, > Kirk D Bailey > > > +---------------------"Thou Art Free." -Eris-----------------------+ > | http://www.howlermonkey.net mailto:[EMAIL PROTECTED] | > | KILL spam dead! http://www.scambusters.org/stopspam/#Pledge | > | http://www.tinylist.org +--------+ mailto:[EMAIL PROTECTED] | > +------------------Thinking| NORMAL |Thinking----------------------+ > +--------+ > > --------------------------------------------- > Introducing NetZero Long Distance > 1st month Free! > Sign up today at: www.netzerolongdistance.com > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
