HELP!!

Larry Dighera root at conexch.UUCP
Wed Feb 1 06:06:14 AEST 1989


In article <6932 at killer.DALLAS.TX.US> barton at killer.DALLAS.TX.US (Barton Fisk) writes:
>I need a user to be able to run a shell script to disable a serial
>line for dial out.
>
>If anyone can help me do this without having to become root, I 
>would greatly appreciate the help.
>
>Also, when I tried to invoke ungetty from the script before 
>calling in my comm prog, the getty refused to be suspended and
>upon trying to dial-out afterwards the message "DIALOUT is on
>tty1A" was produced.
>
>Thanks again for any suggestions.
>
>
>Barton A. Fisk

There are many approaches that can be used to accomplish this.  Most 
of them will require that you trust the user of the communications
program to some extent.

Given that the files in question have the following default permissions:

-rwsr-xr-x   1 lp       bin        19500 May 16  1988 /bin/disable
-rwsr-xr-x   1 lp       bin        14932 May 16  1988 /bin/enable
crw-r-----   1 uucp     uucp       5,128 Jan 31 11:54 /dev/tty1A
-rw-rw-r--   1 root     root         304 Jan 31 10:59 /etc/ttys

you could put the communications program user in a unique group during the
communications session with the newgrp command, and have the group
on the above files set to that group.  This is probably the simplest.

The program below will allow users to run execute-only shell scripts
as though they were root.  So, if you put the disable command (and any
other necessary commands) in a small shell script and call that script
as an argument to exonly, it should work.  You can use group permissions
to limit the accessibility of exonly to trusted users.  

On the other hand, depending on security considerations on the system,
you may find this approach unacceptable. 

Larry Dighera

===========================  exonly.c begins  =============================

/*
 *      exonly.c
 *      Author: Stephen Kochan
 *      exonly opens the (execute-only) shell program,
 *      given as the first argument, onto
 *      standard input and executes the shell.
 *
 *      exonly must be SUID to the owner
 *      of the shell program or root.
 *
 *
 *      This source is based on the listing in the June '87 issue of
 *      UNIX/WORLD Magazine, p. 95.  Entered by Larry Dighera
 *      The Consultants' Exchange BBS (714) 842-6348/5851.
 */

#include <stdio.h>
#include <stdlib.h>     /* exit */
#include <unistd.h>     /* access, close, setgid, setuid, execv */
#include <fcntl.h>      /* open, O_RDONLY */

int main (int argc, char *argv[])
{
/*
 * Check number of arguments.  If < 2, no file
 * was specified, so generate error message and exit.
 */
        if (argc < 2) {
                fprintf (stderr, "exonly: needs file\n");
                exit (1);
        }
/*
 * Check accessibility of shell program by REAL uid
 * (access() tests against the real, not the effective, ids,
 * so the caller must already be allowed to execute the script).
 */
        if (access (argv[1], X_OK) == -1) {
                fprintf (stderr,
                "exonly: cannot execute %s\n", argv[1]);
                exit (2);
        }
/*
 * Close standard input and re-open with first argument.
 * The open() reuses descriptor 0, so the script becomes stdin.
 * Generate error message if file can't be opened.
 */
        close (0);
        if (open (argv[1], O_RDONLY) < 0) {
                fprintf (stderr,
                "exonly: cannot open %s\n", argv[1]);
                exit (3);
        }
/*
 * Turn off setuid/setgid capability now that file is open.
 */
/*
 * (You may want to comment this out depending on the necessity
 * for your user to have an effective id of root to run
 * the necessary commands.)
 */
        /* Group first: after setuid() drops root, setgid() could no longer succeed. */
        if (setgid (getgid ()) == -1 || setuid (getuid ()) == -1) {
                fprintf (stderr, "exonly: cannot drop privileges\n");
                exit (5);
        }
/*
 * Set up argument list to /bin/sh.
 */
        argv[0] = "/bin/sh";
        argv[1] = "-s"; /* reads shell script from stdin */
/*
 * exec /bin/sh with -s option.  Pass any arguments
 * along in the argv list.  Print error message
 * if we can't exec /bin/sh.
 */
        execv ("/bin/sh", argv);
        fprintf (stderr,
                "exonly: cannot exec /bin/sh\n");
        exit (4);
}
===========================  exonly.c ends  =============================

-- 
USPS: The Consultants' Exchange, PO Box 12100, Santa Ana, CA  92712
TELE: (714) 842-6348: BBS (N81); (714) 842-5851: Xenix guest account (E71)
UUCP: conexch Any ACU 2400 17148425851 ogin:-""-ogin:-""-ogin: nuucp
UUCP: ...!uunet!turnkey!conexch!root || ...!trwrb!ucla-an!conexch!root


