[Tfug] Scripting Question

James Hood ebenblues at gmail.com
Sat May 9 09:47:20 MST 2009


On Sat, Apr 18, 2009 at 3:12 AM, Choprboy <choprboy at dakotacom.net> wrote:
> The first is fairly easy. However, you cannot have something executable
> without being readable (directories excepted), in order to execute it you
> must have permission to read and interpret it. You can do this by creating
> your script to perform the action, changing the ownership to root, and then
> applying the "set user ID" flag on the permissions, "chmod 4755 script.sh"
>    -rwsr-xr-x 1 root root 123 Apr 1 script.sh

I believe some Linux distros don't allow you to run suid root shell
scripts because of the security issues brought up by Adrian. If all
you want to do is allow users to mount a device, you should look into
the "user" option of mount.

From the mount man page:

       (iii) Normally, only the superuser can mount  file  systems.   However,
       when  fstab  contains  the user option on a line, anybody can mount the
       corresponding system.

       Thus, given a line
              /dev/cdrom  /cd  iso9660  ro,user,noauto,unhide
       any user can mount the iso9660 file system found on his CDROM using the
       command
              mount /dev/cdrom
       or
              mount /cd
       For  more details, see fstab(5).  Only the user that mounted a filesys-
       tem can unmount it again.  If any user should be able to unmount,  then
       use users instead of user in the fstab line.  The owner option is simi-
       lar to the user option, with the restriction that the user must be  the
       owner  of  the  special  file. This may be useful e.g. for /dev/fd if a
       login script makes the console user owner of this  device.   The  group
       option is similar, with the restriction that the user must be member of
       the group of the special file.

The permissions issue might be resolved using group permissions on the
mounted device. Or if it's a filesystem that doesn't use permissions
like FAT32, you can actually specify what the permissions of the
mounted files should be using another mount option.

Good Luck,
James

--
"The humble learn the fastest because they don't waste time on
defending a false image."
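
As an added example (not part of the message above or of the mount documentation), this shell function lists the fstab entries that ordinary users may mount and shows whether setuid bits, device nodes or executables are still honoured on them. It relies on the mount(8) rule that user and users imply noexec, nosuid and nodev, and that owner and group imply nosuid and nodev, unless a later option on the same line overrides them; the function names and every sample entry except the /dev/cdrom line are constructed.

```shell
#!/bin/sh
# audit_fstab [FILE]: read an fstab (FILE or stdin) and print, for each entry
# that ordinary users may mount:  <mountpoint> <granting option> <status>
# status is "restricted" or "allows:<suid,dev,exec>" (what is still honoured).
# Only user/users/owner/group and the explicit [no]suid, [no]dev, [no]exec
# options are tracked; options are applied left to right, so the last one wins.
audit_fstab() {
    awk '
    $1 ~ /^#/ || NF < 4 { next }            # skip comments and short lines
    {
        grant = ""; ok_suid = 1; ok_dev = 1; ok_exec = 1   # mount defaults
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            o = opt[i]
            if (o == "user" || o == "users") {
                grant = o; ok_suid = 0; ok_dev = 0; ok_exec = 0
            } else if (o == "owner" || o == "group") {
                grant = o; ok_suid = 0; ok_dev = 0
            } else if (o == "suid")   ok_suid = 1
            else if (o == "nosuid")   ok_suid = 0
            else if (o == "dev")      ok_dev = 1
            else if (o == "nodev")    ok_dev = 0
            else if (o == "exec")     ok_exec = 1
            else if (o == "noexec")   ok_exec = 0
        }
        if (grant == "") next               # root-only entry, not of interest
        allowed = ""
        if (ok_suid) allowed = allowed ",suid"
        if (ok_dev)  allowed = allowed ",dev"
        if (ok_exec) allowed = allowed ",exec"
        print $2, grant, (allowed == "" ? "restricted" : "allows:" substr(allowed, 2))
    }' "$@"
}

# Constructed sample; the first entry is the line quoted from the man page.
sample_fstab() {
    cat <<'EOF'
# device    mountpoint  type     options
/dev/cdrom  /cd         iso9660  ro,user,noauto,unhide
/dev/sdb1   /media/usb  vfat     users,noauto,exec,suid  0 0
/dev/fd0    /floppy     auto     owner,noauto            0 0
/dev/sda1   /           ext4     defaults                0 1
EOF
}

sample_fstab | audit_fstab
```

Run it as `audit_fstab /etc/fstab` on a real system; any line reporting `allows:suid` or `allows:dev` on a user-mountable filesystem deserves a second look.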



