Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Allow user without dir write permission to execute a script that creates files
Top Forums UNIX for Advanced & Expert Users Allow user without dir write permission to execute a script that creates files Post 302881817 by waavman on Wednesday 1st of January 2014 07:43:54 PM
Old 01-01-2014
I chose the setuid option because with the sudoers option, for every new script we add, there would be dependency on the SA's adding the script entry to the sudoers file.
With the setuid option I am able to get half way there. But I am facing this issue. I just simplified the script for asking the question in this forum. The C binary is name 'invokescript'. This script basically invokes the shell script passed as argument to it using execvp

wrapperscript.ksh invokes script.ksh as follows
Code:
#!/usr/bin/ksh
/tmp/invokescript /tmp/script.ksh

script.ksh has the following lines. Note that env.sh sets up the PATH and LD_LIBRARY_PATH environment variables fort ORACLE command line interface sqlplus 

#!/usr/bin/ksh
. <path>/env.sh
echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH"
echo "LDD OUTPUT"
ldd `which sqlplus`
echo "SQLOUTPUT"
sqlplus -s dbuser/dbpasswd@dbname <<EOF
sqlstatement;
EOF

script.ksh, wrapperscript.ksh and invokescript are owned by user 'cdds'
invokescript C binary has SETUID bit set for owner 'cdds'.

When the owner 'cdds' runs wrapperscript.ksh I get the following output:

L
Code:
D_LIBRARY_PATH=blahblahblah:/app/oracle/lib:blahblahblah
LDD_OUTPUT
blahblahblah=>blahblahblah
libsqlplus.so=>/app/oracle/lib/libsqlplus.so (0x00002b03d8075000)
libc.so.6=>/lib64/libc.so.6 (0x00002b03.....)
blahblahblah=>blahblahblah

SQLOUTPUT
<The correct sqloutput comes here>

But when I run wrapperscript.ksh as 'cddsoper' user I get an error that can be understood by the following output:

Code:
LD_LIBRARY_PATH=blahblahblah:/app/oracle/lib:blahblahblah
LDD_OUTPUT
blahblahblah=>blahblahblah
libsqlplus.so=> not found (0x00002b03d8075000)
libc.so.6=>/lib64/libc.so.6 (0x00002b03.....)
blahblahblah=>blahblahblah

sqlplus: error when loading shared libraries: libsqlplus.so: cannot open shared object file: no such file or directory

Based on the above output the question is as follows:
Even though the LD_LIBRARY_PATH contains the same value whether we run the wrapperscript.ksh as owner 'cdds' or user 'cddsoper' and /app/oracle/lib exists in both runs, when running as 'cddsoper', ldd sqlplus cannot find libsqlplus.so even though /app/oracle/lib is in LD_LIBRARY_PATH.
As a result the call to sqlplus fails when using 'cddsoper' account.
Why is that ?

Any help would be much appreciated.

thanks
 

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Find all files with group read OR group write OR user write permission

I need to find all the files that have group Read or Write permission or files that have user write permission. This is what I have so far: find . -exec ls -l {} \; | awk '/-...rw..w./ {print $1 " " $3 " " $4 " " $9}' It shows me all files where group read = true, group write = true... (5 Replies)
Discussion started by: shunter63
5 Replies

2. Solaris

cant able to change permission in a DIR as root user

Hi my directory not accepting any commands. its simply telling permission denied. i tried ( cp, mv, rm ) as roor i want to set default permissons to this DIR please find the Logs below. dr-xr-xr-x 1 root root 1 Jun 1 09:04 AP1_ROP ( original dir) root> chmod 777... (5 Replies)
Discussion started by: vijayq8
5 Replies

3. Shell Programming and Scripting

write permission to a perticular user to a directory

Hi, The requirement is like, the program needs 2 argument one is user_id and second one is directory path. My script will check if that user_id has write access to the directory path. The directory path may be in any file system like AFS or NFS. Can any one please suggest some points to... (1 Reply)
Discussion started by: siba.s.nayak
1 Replies

4. Shell Programming and Scripting

search any user files with write permission

Guys, i wanna get any user files with write permission (on user or group permission) for review but i confuse with -perm parameter. any body can help me to explain what is that mean? thank's (1 Reply)
Discussion started by: michlix
1 Replies

5. Shell Programming and Scripting

perl script to check read/write/execute permission for 'others'

I want to check access rights permissions not for 'user', not for 'group', but for 'others'. I want to do it by system command in which i want to use 'ls -l' and 'awk' command. I have written the following program : #!/usr/bin/local/perl #include <stdlib.h> system ("ls -l | awk... (1 Reply)
Discussion started by: shubhamsachdeva
1 Replies

6. UNIX for Dummies Questions & Answers

Provide execute permission to a user

Hi, I have a shell script(test.sh) and need to give execute permission for this shell script to user group cobr_sftp and oracle. Could you please help as to how to give this permission. I have already given full access(777) to script test.sh. Does this mean all the users/user group can access... (1 Reply)
Discussion started by: abhi_123
1 Replies

7. Web Development

Apache write permission issues to another user owned directory

Hi I am trying to make a web program which is command line equivalent. i have done the coding in cgi program in perl and html for basic forms to take inputs. when i ran the program from web application i see permission denied messages. after analyzing i found apache is running as wwwrun which... (2 Replies)
Discussion started by: rakeshkumar
2 Replies

8. UNIX for Beginners Questions & Answers

Setting write permission for particular user

Hi All, We have a scenario in production where we want only one user from a group to modify the file. The file is not set to write permission for application manager. -r--r--r-- 1 amgr u00 15661716 Aug 30 00:06 DCI.dat So here amgr will have permission to edit the file. We want a... (10 Replies)
Discussion started by: arunkumar_mca
10 Replies

9. AIX

Assign read write permission to the user for specific dir and it's sub dir and files in AIX

I have searched this quite a long time but couldn't find the right method for me to use. I need to assign read write permission to the user for specific directories and it's sub directories and files. I do not want to use ACL. I do not want to assign user the same group of that directories too.... (0 Replies)
Discussion started by: blinkingdan
0 Replies

LEARN ABOUT SUNOS

use

USE(1)								   User Commands							    USE(1)

NAME

       use - Frontend to the Usepackage Environment Manager

SYNOPSIS

       csh and derivatives:
	       source /usr/share/usepackage/use.csh

       bourne shell and derivatives:
	       source /usr/share/usepackage/use.bsh

       korn shell:
	       . /usr/share/usepackage/use.ksh

       use [-vs] [-f file] package ...

       use -l

DESCRIPTION

       Usepackage  is an environment management program. It is based on the principle of packages - collections of executables that share a common
       set of necessary environment variables, such as PATH, MANPATH or LD_LIBRARY_PATH.

       For each given package, use sources the appropriate environment information into the current shell.  The environment information is  speci-
       fied in a configuration file, see usepackage(1).

   OPTIONS
       -v     Output verbose information to the standard error stream.

       -s     Silence  warnings  for  un-matched  packages. This is useful in a shell rc script when a package is known not to be available on all
	      architectures that the shell is used on.

       -f file
	      Specify an alternate initial configuration file.

       -l     List available packages and groups.

FILES

       /usr/share/usepackage/usepackage.conf
		      The default configuration file.

       /usr/share/usepackage/use.csh
		      Shell setup for csh and derivatives.

       /usr/share/usepackage/use.bsh
		      Shell setup for bourne shell and derivatives.

       /usr/share/usepackage/use.ksh
		      Shell setup for ksh.

       /usr/bin/usepackage
		      The underlying Usepackage executable.

ENVIRONMENT

       Other than the reading and re-definition of environment variables for package setup, use also uses the following environment variables  for
       user configuration:

       PACKAGES_PATH  Colon-separated  path  list  giving  the directories to search for configuration files. Shell-style tilde (~) user-directory
		      escapes are expanded.

       HOME	      If present in the environment, this is used to provide the expansion for the tilde (~) user-directory.

       SHELL	      If present in the environment, the last path component of this is used for shell matching (see  SYNTAX)  and  detecting  the
		      style of environment output that should be used, see usepackage(1).

COPYRIGHT

       Usepackage Environment Manager
       Copyright (C) 1995-2005	Jonathan Hogg

       This  program  is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
       the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

       This program is distributed in the hope that it will be useful, but WITHOUT ANY	WARRANTY;  without  even  the  implied	warranty  of  MER-
       CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.

       You  should  have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation,
       Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

SEE ALSO

       usepackage(1), csh(1), sh(1), ksh(1)

Usepackage						   $Date: 2005/12/11 16:42:09 $ 						    USE(1)
All times are GMT -4. The time now is 03:21 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy