From: Richard Fish
Date: Wed, 20 Jul 2005 23:15:59 +0200
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] non-sudo way for user to run shutdown -h now? (or any equivalent)
Message-ID: <42DEBF0F.6020101@asmallpond.org>

Wade Brown wrote:

>I thought Linux wouldn't allow suid shell scripts to work as suid.
>The reasoning is a shell script doesn't quite execute, it gets
>interpreted by the command on the first line. Just as a test I made a
>simple script modded root.root 4755 that consists of the /bin/bash
>line, and cat /etc/shadow. Root can run just fine obviously, but
>permissions don't exist for other users to do that.
>

Works fine on my machine. /opt/vmware/lib/vmware/bin/vmware-vmx is a
setuid shell script that I wrote to start up vmware with the wrapper
library to get vmware to work with arts. Also my permissions on that
file are 4711, so maybe there is something special about the global
read bit? Or possibly dependent upon what LSM modules you have
loaded/enabled?

>What may work a little better is either chmod s+x `which shutdown`, or
>writing a C wrapper and modding that s+x.
>

I agree that the C wrapper is definitely the most secure option.

-Richard

--
gentoo-user@gentoo.org mailing list