minimize use of root account
Polytropon
freebsd at edvax.de
Fri Feb 19 21:11:16 UTC 2016
On Fri, 19 Feb 2016 14:52:53 +0000, Arthur Chance wrote:
> On 19/02/2016 11:05, Polytropon wrote:
> > On Fri, 19 Feb 2016 16:29:43 +1100, Yudi V wrote:
> >> Hi all,
> >>
> >> currently I use the below script to load geli devices and import zpool. It
> >> needs to be run as root.
> >> how to run this script as normal user, is there a group that the user needs
> >> to be part of?
> >
> > No, not for this task.
> >
> > There are different ways to do it.
> >
> > 1. You can set the script itself to "run as root" (chmod +s) when
> > the script is owned by root:root. Regular users may then execute it.
>
> I thought suid scripts were disabled years ago because they were a major
> security loophole?
You're right - it's the case.
% ll root_test.sh
-rwsr-sr-x 1 poly poly 24 2016-02-19 19:25:20 root_test.sh*
% cat root_test.sh
#!/bin/sh
id -u
whoami
% ./root_test.sh
2000
poly
% sudo ./root_test.sh
0
root
I think this is fully intended.
--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
More information about the freebsd-questions
mailing list