01-17-2008
Quote:
Originally Posted by
dhanamurthy
Another way to do it is i.e if you want to change to the user to the owner of the file then you can use 's' bit. i.e the setuid bit on the file. So the executable when it runs , runs as if the owner of the executable is running it
I highly recommend against doing this. This is a very bad for security and avoid it at all costs. Some systems like AIX will ignore the setuid bit on a shell script. Use a sudo like solution.
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
My program is written in cpp and it uses a non standard library. I have compiled successfully by linking it to the library. But when i try to run the program. it give a error message like:
"error while loading shared libraries: ***.so: cannot open shared object file: No such file or directory"... (2 Replies)
Discussion started by: zzz_zzz
2 Replies
2. Shell Programming and Scripting
Hi all,
I am trying to eject the cdrom from a livecd after certain stage...
Now assuming that it is possible to eject,please consider my issue!!!
The OS boots into a regular user by default...so i am unable to use the eject command to push out the drive...
However if i try pfexec eject it... (3 Replies)
Discussion started by: wrapster
3 Replies
3. UNIX for Dummies Questions & Answers
Hi, I was wondering how to change the prompt for my ssh login. At the moment it is like
user>
while I'd like it to be as
user@host>
It is in the .bash_profile or .ssh ??? Thanks (2 Replies)
Discussion started by: pmasterkim
2 Replies
4. Shell Programming and Scripting
Hi,
I have to change many times user in a script.
With the command su userName I receive the request for password. I need to open a session with another user I would put the password at the beginning.
How can I do it?
Thanks, bye bye.
---------- Post updated 22-04-10 at 10:58 AM ----------... (9 Replies)
Discussion started by: abdujaparov
9 Replies
5. Solaris
Hi all
i am using solaris 10, i am creating user with
useradd -d/home/user -m -s /bin/sh user
user is created with in the following path
/export/home/user (auto mount)
i need the user to be created like this
(/home as default home directory )
useradd -d /home/user -m -s /bin/sh... (2 Replies)
Discussion started by: kalyankalyan
2 Replies
6. AIX
If I create a new user id test:
mkuser id=400 test
then I want it to LDAP user:
chuser -R LDAP SYSTEM=LDAP registry=LDAP test
It shows:
3004-687 User "test" does not exist.
How to do? (4 Replies)
Discussion started by: rainbow_bean
4 Replies
7. Shell Programming and Scripting
I am running a shell script as user A. In that script I need to execute a sftp that would transfer the file using another user B.
I am using the below command:
sftp -oPort22 B@remote server
However, I am getting password prompts each time.
I have done the following:
Added the public... (4 Replies)
Discussion started by: mady135
4 Replies
8. Red Hat
Hi
I am exactly according to this link
CentOS 6 - Apache httpd - Enable Userdir : Server World
I Enabled userDirectory
Server version: Apache/2.2.15
CentOS release 6.8 (Final)
But Iget this Error
Forbidden
You don't have permission to access /~mn/index.html on this server
Goal... (2 Replies)
Discussion started by: mnnn
2 Replies
9. Shell Programming and Scripting
Hi All,
need your assistance, how can i change user again after i change my user.
here is the code that i tried
su - myuser #success
su - webuser ##what i want to try is to change user again to webuser from myuser account
my output is it cannot change to webuser account. only in... (8 Replies)
Discussion started by: meister29
8 Replies
LEARN ABOUT XFREE86
fs_setcell
FS_SETCELL(1) AFS Command Reference FS_SETCELL(1)
NAME
fs_setcell - Configures permissions for setuid programs from specified cells
SYNOPSIS
fs setcell -cell <cell name>+ [-suid] [-nosuid] [-help]
fs setce -c <cell name>+ [-s] [-n] [-h]
DESCRIPTION
The fs setcell command sets whether the Cache Manager allows programs (and other executable files) from each cell named by the -cell
argument to run with setuid permission. By default, the Cache Manager allows programs from its home cell to run with setuid permission, but
not programs from any foreign cells. A program belongs to the same cell as the file server machine that houses the volume in which the
program's binary file resides, as specified in the file server machine's /etc/openafs/server/ThisCell file. The Cache Manager determines
its own home cell by reading the /etc/openafs/ThisCell file at initialization.
To enable programs from each specified cell to run with setuid permission, include the -suid flag. To prohibit programs from running with
setuid permission, include the -nosuid flag, or omit both flags.
The fs setcell command directly alters a cell's setuid status as recorded in kernel memory, so rebooting the machine is unnecessary.
However, non-default settings do not persist across reboots of the machine unless the appropriate fs setcell command appears in the
machine's AFS initialization file.
To display a cell's setuid status, issue the fs getcellstatus command.
CAUTIONS
AFS does not recognize effective UID: if a setuid program accesses AFS files and directories, it does so using the current AFS identity of
the AFS user who initialized the program, not of the program's owner. Only the local file system recognizes effective UID.
Only members of the system:administrators group can turn on the setuid mode bit on an AFS file or directory.
When the setuid mode bit is turned on, the UNIX "ls -l" command displays the third user mode bit as an "s" instead of an "x". However, the
"s" does not appear on an AFS file or directory unless setuid permission is enabled for the cell in which the file resides.
OPTIONS
-cell <cell name>+
Names each cell for which to set setuid status. Provide the fully qualified domain name, or a shortened form that disambiguates it from
the other cells listed in the local /etc/openafs/CellServDB file.
-suid
Allows programs from each specified cell to run with setuid privilege. Provide it or the -nosuid flag, or omit both flags to disallow
programs from running with setuid privilege.
-nosuid
Prevents programs from each specified cell from running with setuid privilege. Provide it or the -suid flag, or omit both flags to
disallow programs form running with setuid privilege.
-help
Prints the online help for this command. All other valid options are ignored.
EXAMPLES
The following command enables executable files from the State University cell to run with setuid privilege on the local machine:
% fs setcell -cell stateu.edu -suid
PRIVILEGE REQUIRED
The issuer must be logged in as the local superuser root.
SEE ALSO
fs_getcellstatus(1)
COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas
Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
OpenAFS 2012-03-26 FS_SETCELL(1)