Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!qns3.qns.net!imci4!newsfeed.internetmci.com!in2.uu.net!ns3.iamerica.net!xavier.varmm.com!amusgrov
From: amusgrov@varmm.com (AJ Musgrove)
Newsgroups: comp.unix.amiga,comp.unix.bsd.netbsd.misc
Subject: Re: NetBSD PERL Setuid problem
Followup-To: comp.unix.amiga,comp.unix.bsd.netbsd.misc
Date: 31 Jul 1996 13:49:30 GMT
Organization: LDS iAmerica
Lines: 37
Message-ID: <4tno9a$4j0@ns3.iamerica.net>
References: <31F7FAA2.7341@cqc.com>
NNTP-Posting-Host: xavier.varmm.com
X-Newsreader: TIN [version 1.2 PL2]
Xref: euryale.cc.adfa.oz.au comp.unix.amiga:13627 comp.unix.bsd.netbsd.misc:4209

Dana Canfield (dcanfiel@cqc.com) wrote:
: I've been trying to get some setuid perl scripts to run, and have had no
: luck. I've asked some of the best NetBSD experts I know, and they don't
: know how to do it either. So, could somebody please explain to me
: exactly how I can make a perl script switch to root? Specifically, what
: bits need to be set and what command needs to be run (I have a bad
: suspicion there might be some recompiling of PERL involved, but I'm not
: sure). What's in it for you is a single, powerful PERL script I've
: written which allows your non-unix tech support guys to add and edit
: user accounts. It's very intuitive and uses a PIN number system to
: allow multiple security levels, and is entirely self-contained. I
: intend to use it to allow my tech support people to verify & change
: end-user passwords, and allow my sales people to enter new accounts.
: Unfortunately, it has to be run from the command line as root right now,
: which does almost no good because I don't want my tech support and sales
: people to have root access. If I can get this setuid thing figured out,
: it will not only allow me to do all that stuff, but will allow for full
: account system administration via WWW.
: Anyone who helps me get going can have a copy. Thanks much.

BE CAREFUL. Make sure that if you have user admin via the web, that no one
can just get there. Make sure your passcodes are secure, etc.

Anyway, I don't have NetBSD, but on Solaris, as root, make sure the program
is owned by root, and chmod it to 4711. That way, anyone can execute, but
only root can read (so no one can read the passcodes). The 4 turns on the
suid bit.

--
AJ Musgrove
----------------------------------------------------------------
My opinions do not necessarily reflect those of MFS, or anyone else for
that matter. O-
----------------------------------------------------------------
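
Added example, not part of the original post or either poster's code: a POSIX shell check that compares an octal mode and owner uid against the intent stated in the reply (root-owned, setuid, executable by anyone, readable and writable by the owner only). The function name `audit_suid_mode`, the finding labels and the sample modes are assumptions constructed for illustration.

```shell
#!/bin/sh
# audit_suid_mode MODE OWNER_UID
# MODE is an octal permission string such as 4711; OWNER_UID is numeric.
# Prints "ok" when the mode matches the reply's intent, otherwise a
# space-separated list of deviations (labels are hypothetical).
audit_suid_mode() {
    mode=$1
    uid=$2
    case $mode in
        ''|*[!0-7]*) echo "invalid-mode"; return 0 ;;
    esac
    m=$((0$mode))          # leading 0 makes the shell read it as octal
    out=""
    # 04000 is the setuid bit: "the 4 turns on the suid bit"
    if [ $((m & 04000)) -eq 0 ]; then out="$out no-setuid"; fi
    # setuid only yields root privileges if root owns the file
    if [ "$uid" != 0 ]; then out="$out not-root-owned"; fi
    # 040 / 004: group or others can read the file contents
    if [ $((m & 00044)) -ne 0 ]; then out="$out group-or-world-readable"; fi
    # 020 / 002: group or others can replace what runs with owner privileges
    if [ $((m & 00022)) -ne 0 ]; then out="$out group-or-world-writable"; fi
    # 001: others need execute permission for "anyone can execute"
    if [ $((m & 00001)) -eq 0 ]; then out="$out not-world-executable"; fi
    out=${out# }
    echo "${out:-ok}"
}

# Constructed sample inputs: "mode:owner-uid"
for sample in 4711:0 4755:0 4777:0 711:0 4711:1000; do
    printf '%-10s %s\n' "$sample" "$(audit_suid_mode "${sample%%:*}" "${sample##*:}")"
done
```

To check a real file, pass in the mode and owner uid as reported by `ls -ln` or the local `stat` command.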