After receiving a lot of responses, it seems it is not possible to use SUID with shell scripts on Solaris (even with /bin/ksh). Here is the reason why: http://www.faqs.org/faqs/unix-faq/faq/part4/section-7.html

I know that was a security issue, but as I was not using SUID with root, that was acceptable for me.

People suggested that I use a C wrapper or a Perl script with a setuid package.

I received suggestions about using a script in root's crontab and running it every day, but I was not very happy with this kind of solution because I want the job to be part of an existing batch job running under adminsm authority.

So the best solution for me was to change the group of the /path/to/report/to/delete directory to adminsm, and add the g+w permission and the SGID permission. So it will look like this:

    drwxrwsr-x 2 weblogic adminsm 1536 Feb 15 09:51 GeneratedReports

This way, files created in this directory by the application running under weblogic authority will be created with the adminsm group, even if weblogic is not part of the adminsm group. After that, I just need to do an rm -f with my script running with adminsm user authority.

-----Original Message-----
From: Bousquet Francois
Sent: February 16, 2005 3:30 PM
To: Mailing List - SunManagers (E-mail)
Subject: setuid on a sh script file

OK, here is my problem:

I need to delete PDF report files generated by an application in a folder on a regular basis. I need to keep the files of the last 7 days. The files to delete are owned by the weblogic user, group other:

    -rw-r--r-- 1 weblogic other 8647 Feb 8 16:00 report_48_717.pdf

I have a batch job that is running daily under the authority of another user (adminsm) and I want it to be able to delete those files. So I have created a small script:

    #!/bin/sh
    find /path/to/report/to/delete -mtime +7 -type f -exec rm {} \;

and gave it the following permissions:

    -rwsr-x--- 1 weblogic adminsm 294 Feb 2 10:16 rmxRapGenere.sh

adminsm is a member of the adminsm group.

With these permissions, the adminsm user should be able to execute the rmxRapGenere.sh script with weblogic user authority? Isn't that the use of a setuid permission?

The problem is that the script is executed with adminsm authority. I can see it in the "ps -ef" output, and I can't delete the files (I get a permission denied on the rm command).

Is this how the setuid permission should work? Does the setuid affect the execution of the script and all subcommands (find & rm)?

I am on Solaris 7 and my ufs mount has the suid option.

    /dev/dsk/c0t0d0s0 / ufs rw,suid,dev=800000,largefiles 1100741267

_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

Received on Wed Feb 16 17:47:08 2005
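
The directory-based approach from the summary, as an added example that is not part of the original post: a pre-flight check that the report directory is setgid, writable by the caller and not sticky, followed by the same find/rm cleanup with no setuid script involved. The function names report_dir_ready and purge_old_reports and their exit codes are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: function names and exit codes are hypothetical,
# not taken from the original post.

# report_dir_ready DIR
# Succeeds only if DIR is a directory that is setgid, writable by the
# calling user, and not sticky. Unlinking a file needs write permission
# on the directory, and a sticky directory restricts unlinking to the
# file owner, the directory owner or root.
report_dir_ready() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    [ -g "$dir" ] || { echo "setgid bit missing: $dir" >&2; return 2; }
    [ -w "$dir" ] || { echo "no write access: $dir" >&2; return 3; }
    [ ! -k "$dir" ] || { echo "sticky bit set: $dir" >&2; return 4; }
    return 0
}

# purge_old_reports DIR DAYS
# Removes regular files under DIR whose mtime is more than DAYS days old,
# after validating DAYS and the directory permissions. It runs with the
# caller's own identity.
purge_old_reports() {
    dir=$1
    days=$2
    case $days in
        ''|*[!0-9]*) echo "DAYS must be a whole number" >&2; return 64 ;;
    esac
    report_dir_ready "$dir" || return $?
    find "$dir" -type f -mtime +"$days" -exec rm -f {} \;
}
```

From the daily batch job this would be called as `purge_old_reports /path/to/report/to/delete 7`; a non-zero exit status tells the job that the directory permissions have drifted before any rm is attempted.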