Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Problem about su command ?
Top Forums Shell Programming and Scripting Problem about su command ? Post 302144908 by prowla on Sunday 11th of November 2007 10:10:07 PM
Old 11-11-2007
Option 1. - sudo
sudo is a freeware tool that can be downloaded from many sites, maybe even your OS vendor's (Sun and HP provide it free of charge).

Option 2 - OS built-in facilities
I don't know AIX, but does it offer any role-based access (RBAC) facilities built-in?

Option 3 - setuid wrapper
The other way to achieve what you want is to implement a setuid front-end to your command. Depending upon your o/s you may be able to do this as a shell script or may have to resort to C programming (see the exec() system call, but do not use system()).
HOWEVER, BE VERY AWARE OF WHAT YOU ARE DOING HERE, BECAUSE IF IT IS BADLY WRITTEN THEN IT COULD BE A HUGE SECURITY LOOPHOLE!

And a word of warning
In particular, if you use this approach to invoke a command that can "shell out" (eg. vi, more, and so-on), then you are giving the user the ability to become root on your system.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

problem with who command

Sorry for my poor english. Unix is SCO ODT ver 3.0 Mine problem is : when I login via some terminal emulator and type : who am i I see information like this : username ttyp02 Feb 28 09:53 after logoff and type who command (from some other terminal) I see that ttyp02 is still... (2 Replies)
Discussion started by: bane_yu
2 Replies

2. UNIX for Dummies Questions & Answers

Problem with ps command??

I have a problem to.... (1).List the number of unique users that has active processes. (2).List the number of active processes for each of the users in (1). (3).Determine total memory usage for each user. Help me please....thank you. Best... (2 Replies)
Discussion started by: robocup
2 Replies

3. Shell Programming and Scripting

problem with dd command or maybe AFS problem

Hi, folks. Sorry for bothering, but maybe someone could help me please. The problem is the following: there is some script that copies files from local file system to AFS. The copying is performed with dd command. The script copies data into some AFS volumes. The problem appeared with one... (0 Replies)
Discussion started by: Anta
0 Replies

4. UNIX for Dummies Questions & Answers

problem with output of find command being input to basename command...

Hi, I am triying to make sure that there exists only one file with the pattern abc* in path /path/. This directory is having many huge files. If there is only one file then I have to take its complete name only to use furter in my script. I am planning to do like this: if ; then... (2 Replies)
Discussion started by: new_learner
2 Replies

5. Solaris

problem with ps command

Hi all I use to run sql loader inside a script with usename and password written in syntax. Now when I use 'ps' command to know about the status of loading, it also shows username and password that I don't want to share with someone who is sitting with me. If you have any idea except encryption... (1 Reply)
Discussion started by: sanjay1979
1 Replies

6. Shell Programming and Scripting

Problem with command tr

Hello, excuse me for my english, i'm a french man. I have a problem with the command tr in applescript (with the accent...in french we have a lot of accents), i have read that is a problem with the version 10.5 of leopard then i would want to download the version 10.4 of universal binary of tr... (1 Reply)
Discussion started by: protocomm
1 Replies

7. Red Hat

please help me in if command problem

Please help me this script !!!! Script ***** a=2.0.0.0 b=1.0.0.0 #if test $a -ge $b if then echo "A is Greater than B" else echo "B is Greater than A" fi i am getting following error >sh abc abc: line 6: [: 2.0.0.0: integer expression expected (8 Replies)
Discussion started by: ponmuthu
8 Replies

8. Shell Programming and Scripting

Problem with mv command and touch command

Hi guys, first of all I would say that this is my first time I write in a Forum. I've read the "forum rules" and I hope i will respect them. I searched everywhere for the solution of my problem but I didn't find anything. Here my problem: I'm using a sap job scheduler: in a particular job... (7 Replies)
Discussion started by: Antcam
7 Replies

9. Shell Programming and Scripting

Problem with tr command

Hi friends, Today I found one strange behaviour of the tr command. I used the following command: echo "NEE"|tr Sometimes it was giving "nee" as ouput . sometimes it was giving "NEE" as output. Finally I used the below code: echo "NEE"|tr "" "" ... and it gave me the correct... (17 Replies)
Discussion started by: neelmani
17 Replies

10. AIX

I'm facing problem with rpm command, when running the command and appears this error:

exec(): 0509-036 Cannot load program /usr/opt/freeware/bin/rpm because of the following errors: 0509-022 Cannot load module /opt/freeware/lib/libintl.a(libintl.so.1). 0509-150 Dependent module /opt/freeware/lib/libiconv.a(shr4.o) could not be loaded. 0509-152 Member... (4 Replies)
Discussion started by: Ohmkar
4 Replies

LEARN ABOUT PLAN9

setuid

SETUID(1)						      General Commands Manual							 SETUID(1)

NAME

       setuid - run a command with a different uid.

SYNOPSIS

       setuid username|uid   command [ args ]

DESCRIPTION

       Setuid  changes	user id, then executes the specified command.  Unlike some versions of su(1), this program doesn't ever ask for a password
       when executed with effective uid=root.  This program doesn't change the environment; it only changes the uid and then uses execvp() to find
       the command in the path, and execute it.  (If the command is a script, execvp() passes the command name to /bin/sh for processing.)

       For example,
	      setuid  some_user  $SHELL
       can be used to start a shell running as another user.

       Setuid  is  useful  inside  scripts that are being run by a setuid-root user -- such as a script invoked with super, so that the script can
       execute some commands using the uid of the original user, instead of root.  This allows unsafe commands (such as editors and pagers) to	be
       used  in  a  non-root  mode inside a super script.  For example, an operator with permission to modify a certain protected_file could use a
       super command that simply does:
	      cp protected_file temp_file
	      setuid $ORIG_USER ${EDITOR:-/bin/vi} temp_file
	      cp temp_file protected_file
       (Note: don't use this example directly.	If the temp_file can somehow be replaced by another user, as might be the case if it's kept  in  a
       temporary  directory,  there  will  be a race condition in the time between editing the temporary file and copying it back to the protected
       file.)

AUTHOR

       Will Deich

								       local								 SETUID(1)
All times are GMT -4. The time now is 10:25 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy