04-15-2002
setuid
I have a C wrapper programme which basically execute a shell script. The shell script has 700 as permission and oracle is owner of the shell script.
The C execuatble has 4711 permission so that means that it has setuid bit set and group and others can execute the C executable.
The reason why I am doing is, I don't want to give read access to my shell script to others and group and owner will have rw access to the script file.
When I execute my C execuatble as different user, it works great but I want some enhancement. When my script is being executed, it is executed as oracle user so every line in the script is executed as oracle user but there are certain things which I want to run as the real user not the effective user. e.g. my shell script calls sqlplus , so when sqlplus is being run , it is run under oracle user but what I want is , it should run under the name of real user.
Is there any easy way to do this ?
Thanks
Sanjay
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi,
I have been looking at setuid and setgid.
I understand that setuid determines who owns the file and setgid determines which group of people can access the file... yeah?!
But i need to know how to actually use setuid and setgid. I'm guessing chmod will feature somewhere..
Any help... (1 Reply)
Discussion started by: crispy
1 Replies
2. UNIX for Advanced & Expert Users
Hi,
This question deals with Solaris 2.8 and setuid programs. From research I've done so far, setuid programs ignore LD_LIBRARY_PATH; I've proven this and am OK with it. The thing I am not certain of how the C compiler is supposed to behave when it is invoked via a setuid program. Basically,... (0 Replies)
Discussion started by: WolfBoy
0 Replies
3. UNIX for Dummies Questions & Answers
could u plz give me clear idea of spcial permissions setuid,getuid and striky bit . (1 Reply)
Discussion started by: Prem
1 Replies
4. Solaris
Hi All,
Can someone give me some info about setuid or guid topic? Also about sticky bit.
Thanks in advance,
itik (9 Replies)
Discussion started by: itik
9 Replies
5. UNIX Desktop Questions & Answers
I would like to list files with setuid and setgid set up. I used the find command, but I got a lot of permission denied error. I tried to redirect the error to the hole it does not work. I used the command string below
find . -type f \( -perm -4000 -o -perm -2000 \) -exec ls {} \; 2>/dev/null... (3 Replies)
Discussion started by: Pouchie1
3 Replies
6. AIX
Guy's
I'm trying to add some lines in sudo by useing this command visudo
# User privilege specification
root ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
#... (5 Replies)
Discussion started by: ITHelper
5 Replies
7. HP-UX
Hi All,
How to prevent root user from doing setuid().
In otherwords, if the root(any user) is trying to do setuid in a program it should fail. (5 Replies)
Discussion started by: guru13
5 Replies
8. Solaris
Hi Gurus,
I need your suggestions,to implement setuid.
Here is the situation. I have a user xyz on a solaris zone.He needs to install a package using a pkgadd command but i guess only a root can run that .Is there any way I can set the setuid bit on the pkgadd which is in the location... (6 Replies)
Discussion started by: rama krishna
6 Replies
9. UNIX for Beginners Questions & Answers
Just learning about the privilege escalation method provided by setuid. Correct me if I am wrong but what it does is change the uid of the current process to whatever uid I set. Right ?
So what stops me from writing my own C program and calling setuid(0) within it and gaining root privileges ?
... (2 Replies)
Discussion started by: sreyan32
2 Replies
10. Shell Programming and Scripting
I'm trying - as an ordinary user - to create a file in the root directory of my system. For that purpose I wrote a simple script that echoes a string into a file. I made the file executable, used sudo to change ownership to root. Like this:
$ cat hello
#!/bin/bash
echo hello > /hello
$... (5 Replies)
Discussion started by: Ralph
5 Replies
exit(1) User Commands exit(1)
NAME
exit, return, goto - shell built-in functions to enable the execution of the shell to advance beyond its sequence of steps
SYNOPSIS
sh
exit [n]
return [n]
csh
exit [ ( expr )]
goto label
ksh
*exit [n]
*return [n]
DESCRIPTION
sh
exit will cause the calling shell or shell script to exit with the exit status specified by n. If n is omitted the exit status is that of
the last command executed (an EOF will also cause the shell to exit.)
return causes a function to exit with the return value specified by n. If n is omitted, the return status is that of the last command exe-
cuted.
csh
exit will cause the calling shell or shell script to exit, either with the value of the status variable or with the value specified by the
expression expr.
The goto built-in uses a specified label as a search string amongst commands. The shell rewinds its input as much as possible and searches
for a line of the form label: possibly preceded by space or tab characters. Execution continues after the indicated line. It is an error to
jump to a label that occurs between a while or for built-in command and its corresponding end.
ksh
exit will cause the calling shell or shell script to exit with the exit status specified by n. The value will be the least significant 8
bits of the specified status. If n is omitted then the exit status is that of the last command executed. When exit occurs when executing
a trap, the last command refers to the command that executed before the trap was invoked. An end-of-file will also cause the shell to exit
except for a shell which has the ignoreeof option (See set below) turned on.
return causes a shell function or '.' script to return to the invoking script with the return status specified by n. The value will be the
least significant 8 bits of the specified status. If n is omitted then the return status is that of the last command executed. If return
is invoked while not in a function or a '.' script, then it is the same as an exit.
On this man page, ksh(1) commands that are preceded by one or two * (asterisks) are treated specially in the following ways:
1. Variable assignment lists preceding the command remain in effect when the command completes.
2. I/O redirections are processed after variable assignments.
3. Errors cause a script that contains them to abort.
4. Words, following a command preceded by ** that are in the format of a variable assignment, are expanded with the same rules as a vari-
able assignment. This means that tilde substitution is performed after the = sign and word splitting and file name generation are not
performed.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
SEE ALSO
break(1), csh(1), ksh(1), sh(1), attributes(5)
SunOS 5.10 15 Apr 1994 exit(1)