[svlug] Giving admin. power to a web mgmt. interface
lists at cyclades.com
Tue Nov 13 11:55:02 PST 2001
Now I'm coming back to this subject, so please see below.
On Sat, 3 Nov 2001, Marc MERLIN wrote:
> Write the must be root part in a small perl script, make that suid root,
> make the apache deamon part or a special group, and make the perl script
> root.thatgroup 2750
As this was the most common (and most sound) solution, that's what I'm
goinf for. So, I tried that and ...
$ ls -l /tmp/test-scr
-rwsr-x--- 1 root staff 31 Nov 13 11:36 test-scr
$ cat /tmp/test-scr
$ ls -ld /root
drwxr-xr-x 8 root root 4096 Nov 13 11:36 /root
$ /tmp/test-scr "ls -l /root"
-rw-r--r-- 1 root root 280 Nov 9 16:51 backup.files
-rwx------ 1 root root 779 Nov 7 18:00 backup.sh
-rw-r--r-- 1 root root 1181 Nov 13 10:38 lala
drwx------ 2 root root 4096 Oct 10 10:23 mail
drwxr-xr-x 4 root root 4096 Nov 7 12:36 tmp
$ /tmp/test-scr "cp /root/lala /root/lele"
cp: cannot create regular file `/root/lele': Permission denied
Why am I not being able to create the file /root/lele, if the script is
supposed to be run as root (as it has the setUID bit) and the /root
directory has write permission to root (of course :)?? I mean, if I'm
really root I can execute the command with no problems, so why can't the
script do it??
Thanks in advance for any insight!!
P.S.: Marc, I know you said 2750, but I think that was probably a typo and
you meant 4750. Anyhow, I tried with 2750, 4750 and 6750, with the same
results. If that's all wrong, please let me know.
P.S.2: I know I can use xargs instead to avoid the need for double quotes
when calling the script. This was just a quick test (the final version
will have much more than that ...).
More information about the svlug