> I'm trying to make a script that creates new users, using useradd.
> This script would be owned by root but it will be used just by a normal
> user.
> I set:
>
> chmod ug+s myscript
>
> -rwsr-sr-x root sys myscript

Most kernels these days will ignore setuid scripts because there is an inherent race condition between when the suid check happens and when the interpreter opens the script. Things like sperl get around this by making the interpreter setuid and then having it check the file system bits after it opens the suid file. If your script is Perl, this would be the easy way to go.

> error: useradd failed
> you are not authorized to administer users and groups

Exactly, the script is not running with root privs.

> Should I set chmod ug+s for useradd, passwd and users too?

Don't do this or they can do whatever they want with those programs.

> Please need help

There are two options here. If this is something that will be done frequently, I'd first suggest using sudo, as it is intended for just this sort of thing. The other is to write a quick compiled suid wrapper that executes your script. This is pretty easy also, but takes some work to get the environment cleaned up correctly (read: don't do it this way unless you know what you're doing).

In general you need to be careful with suid. Most privilege escalation exploits in Unix involve suid programs. It's very easy to leave holes in suid programs that can be easily exploited.

>>>------>

--
+-------------+-----------------------+---------------+
| Ed Schaller | Dark Mist Networking  | psuedoshroom  |
+-------------+-----------------------+---------------+
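The compiled wrapper option from the reply above, as an added example that is not part of the original message: a setuid-root C wrapper that runs one fixed script with a replaced environment and a validated argument. The script path, the environment values and the username rule are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical absolute path; the script must be root-owned and not
   writable by anyone else, or the wrapper protects nothing. */
#define SCRIPT "/usr/local/sbin/myscript"

/* Fixed environment handed to the script. Nothing set by the caller
   (PATH, IFS, LD_*, ENV, BASH_ENV ...) is passed through. */
static char *const CLEAN_ENV[] = {
    "PATH=/usr/sbin:/usr/bin:/sbin:/bin",
    "HOME=/",
    NULL
};

/* Conservative login-name rule (an assumption): [a-z_][a-z0-9_-]{0,31}.
   Rejecting a leading '-' also stops the argument being read as an option. */
int valid_username(const char *s)
{
    size_t n;
    if (s == NULL || !(islower((unsigned char)s[0]) || s[0] == '_'))
        return 0;
    for (n = 1; s[n] != '\0'; n++) {
        unsigned char c = (unsigned char)s[n];
        if (n >= 32 || !(islower(c) || isdigit(c) || c == '_' || c == '-'))
            return 0;
    }
    return 1;
}

int main(int argc, char **argv)
{
    if (argc != 2 || !valid_username(argv[1])) {
        fprintf(stderr, "usage: wrapper <username>\n");
        return 2;
    }
    /* Set real ids to the effective ones so an interpreter that drops
       privileges on a real/effective mismatch keeps them; fail closed. */
    if (setgid(getegid()) != 0 || setuid(geteuid()) != 0) {
        perror("setgid/setuid");
        return 1;
    }
    char *const args[] = { SCRIPT, argv[1], NULL };
    execve(SCRIPT, args, CLEAN_ENV);   /* returns only on failure */
    perror("execve");
    return 1;
}
```

The setuid bit goes on the compiled wrapper only, never on the script, useradd or passwd.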
