What controls "allowed" suid programs?
I have a small server up and running with SuSE 6.4. I wrote a Perl script that needs to be run suid in /usr/local/bin by a few trusted users, but I keep getting the following error: trusted@foo> /usr/local/bin/foobar.pl Can't do setuid First of all, what's generating that particular message? I had run the harden_suse script (with the suggested "server" settings), and have looked over the /etc/undo_harden_suse script as well, but I can figure out what's generating that error message, and what controls which suid programs are allowed to run. Can someone point me in the right direction? Jason P. Stanford Lehigh Univesity Integrated Product Development Jason.Stanford@pobox.com __________________________________________________ Do You Yahoo!? Kick off your party with Yahoo! Invites. http://invites.yahoo.com/
On Sun, Jul 30, 2000 at 07:25:21PM -0700, Jason P. Stanford wrote:
I have a small server up and running with SuSE 6.4. I wrote a Perl script that needs to be run suid in /usr/local/bin by a few trusted users, but I keep getting the following error:
trusted@foo> /usr/local/bin/foobar.pl Can't do setuid
First of all, what's generating that particular message? I had run the harden_suse script (with the suggested "server" settings), and have looked over the /etc/undo_harden_suse script as well, but I can figure out what's generating that error message, and what controls which suid programs are allowed to run.
Can someone point me in the right direction?
$ mount /dev/hda2 on /dos/c type vfat (rw,noexec,nosuid,nodev,umask=022,uid=500,gid=500,mode=777,nocheck) ^^^^^^ that is the first one I can think of. Good luck, Jurriaan -- And you all thought I was harmless. MUAHAHAHAHAHAHAHAHAHAAAAA.... GNU/Linux 2.2.17pre12 SMP 2 users load av: 0.03 0.05 0.01
On Sun, Jul 30, 2000 at 19:25 -0700, Jason P. Stanford wrote:
I have a small server up and running with SuSE 6.4. I wrote a Perl script that needs to be run suid in /usr/local/bin by a ^^^^^^ ^^^^ few trusted users, but I keep getting the following error:
trusted@foo> /usr/local/bin/foobar.pl Can't do setuid
Probably because it runs as a "normal" user (or strictly speaking under the normal user's uid). This is a FAQ, you can find a few thousand articles about it in the UNIX forums' archives. Scripts don't care about the setuid bit, their interpreters should run privileged. Or use a (binary) setuid wrapper. virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net -- If you don't understand or are scared by any of the above ask your parents or an adult to help you.
participants (3)
-
Gerhard Sittig -
Jason P. Stanford -
thunder7@xs4all.nl