another option is to port the script into c program binary ... chmod 711 binary and place it in a protected directory ... users can then run the program at will without being able to read anything as long as they have the correct path ... encrypt all source code in a protected directory ... sample below runs hostname in shtest ... lstest is just a copty of /bin/ls ...
if taking this option, make sure you account for what the users may want to change (i.e., different file path, current time, logfile name, etc.) so there is no constant recompile and looking at the sourcecode ...
from regular user perspective:
from root's perpective:
the sudo method mentioned earlier works similarly, denying them the ability to read it, while letting you run actual shell scripts as whatever user you want.
Admittedly, the LINUX culture had gone sadly root/sudo, and that is only not-root-user-safe and no-backdoor-file-access-safe.
You cannot keep anything safe from root. Period. No ifs, ands or buts. The sudo method is not the cause of this problem, simply an acknowledgement of it; if you can't deny them access to the files, don't bother!
Security via obscurity only protects you if your invaders are easily bored.
Just learning about the privilege escalation method provided by setuid. Correct me if I am wrong but what it does is change the uid of the current process to whatever uid I set. Right ?
So what stops me from writing my own C program and calling setuid(0) within it and gaining root privileges ?
... (2 Replies)
Hi,
i am new here let me say HI for all.
now i have a question please:
i am sending one command to my machine to create 3 names.
if one of the names exists then the box return error message that already have the name but will continue to create the rests.
How i can break the command and... (7 Replies)
Hi,
OS : Linux
I have an executable (P1) owned by user say "abcd" and the setuid bit is set. And there is another executable (P2) which brings up the process (P1).
When the setuid bit is set, the process P1 is failing, if the setuid bit is not set there is no issue.
I was wondering if... (6 Replies)
Hi everyone,
when executing this command in unix:
echo "WM7 Fatal Alerts:", $(cat query1.txt) > a.csvIt works fine, but running this command in a shell script gives an error saying that there's a syntax error.
here is content of my script:
tdbsrvr$ vi hc.sh
"hc.sh" 22 lines, 509... (4 Replies)
Hello everyone,
I have a radio wireless called UBNT Nanostation5
It has this linux OS:Linux version 2.4.27-ubnt0
When i want to write a script in ssh, i get some errors
The script is:
ifconfig eth0 down
ifconfig eth0 hw ether 00:15:6D:**:**:**
ifconfig eth0 up
cfg -x
echo... (1 Reply)
Hi,
We have smb client running on two of the linux boxes and smb server on another linux system. During a backup operation which uses smb, read of a file was allowed while write to the same file was going on.Also simultaneous writes to the same file were allowed.Following are the settings in the... (1 Reply)
i have a script that will retrive some info from database. The script is working fine but i have to add new feature in it when the script fails or retrive null result it should reflect in the log file.
below the script AMR_Inactive.sh
while read i
do
connect1=`sqlplus -silent... (3 Replies)
I am researching ways in which to backup files or whole file systems for backup to another system.
We are using Suse Linux 7.0 with no tape backup devices or secondary disks.
What utilities would be the best to use for a simple yet flexible script for backup purposes?
tar, cpio, compress. (3 Replies)