In <4A26CBE0.23F4.0029.1@TMF-Group.com>, Dominique Leuenberger wrote:
On 6/3/2009 at 7:05 PM, Chuck Payne
wrote: I need to write a script that gives one use access to stop and start apache, I don't want to give them sudo.
A friend gave me this c script.....but it not working is there a way to do this in bash?
No, there's no equivalent to the C language setuid() call in bash.
Also I know with bash I can do sh -x to debug, how to you debug in c?
Compile with -g3 -ggdb flags and then use gdb.
#include
#include #include #define REAL_SH "/usr/local/script/scr.sh" main(argc, argv) char **argv; { setuid(0); execv(REAL_SH, argv); } this program would require to be set setuid to work properly.
That's: chmod +s $program if you want to get it to work.
Then you can as well give sudo to the user.
Well, not really. As long as the script is written with security in mind, this C program is not going to be a problem.
For your usecase, sudo might actually be the good way to go.
I agree. You don't want to give the user access to all commands, just a few. So, you should add something like: APACHE_CTL = /sbin/service apache2 * APACHE_ADM = username APACHE_ADM ALL=NOPASSWD: APACHE_CTL to your /etc/sudoers, by using the visudo command. The first line creates a command alias "APACHE_CTL" (Apache control) that is equivalent to the "/sbin/service" command with the first argument of "apache2" and anything as the second argument. I don't have Apache installed here, you might have to change that first argument to match the name of the file under /etc/init.d that controls Apache. If he needs access to a few more commands, you can append them here. The second line create a user alias "APACHE_ADM" (Apache administrators) that is equivalent to just one user "username". You could also add yourself or a group, as needed. The last line says that APACHE_ADM on any host can run APACHE_CTL as root without a password. -- Boyd Stephen Smith Jr. ,= ,-_-. =. bss@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/ \_/