1

I am a root user. I want to auto run a script for all the users after login in a root mode. I did find my way to auto run a script for all the users. But for the normal users the permission is denied. Is there any workaround for this?

Rabin
  • 418
  • 3
  • 13

2 Answers2

1

You should use sudo - your command available in root mode without password for user or group

Cmnd_Alias YCMD = /usr/local/somecommand
username  ALL=YCMD, NOPASSWD: YCMD
kwarunek
  • 12,141
  • 4
  • 43
  • 48
  • The script is ran by my system automatically. In this context would it help?? – Rabin Aug 04 '13 at 23:34
  • You can create a dummy-user that runs 'sudo /usr/local/somecommand' in a crontab or something. That reduces the potential abuse from 'everyone on your system' to 'one user with a starred password'. sudo also lets you clean environment variables and other things to make running privileged code safer. sudo is what you want. – synthesizerpatel Aug 04 '13 at 23:49
0

Make sure the script is owned by root and then try setting the setuid:

# chown root:root script.sh
# chmod +s script.sh
# exit
$ ./script.sh (executed as a normal user, but will have root mode)

The setuid permission make the executable to be executed with the permissions of the owner (root in this case).

But be careful! You could be opening a hole that can be abused to gain root. (but any other solution you try to run an script by an user in root mode will provide the same risk. This solution is not more vulnerable as the others)

chris-l
  • 2,802
  • 1
  • 18
  • 18
  • chown root.root script.sh says root.root:unknown user name. I tried chown root script.sh . And at the end it did nothing... – Rabin Aug 04 '13 at 23:43
  • @Rabin Yes. try replacing the dot for colon. chroot root:root script.sh ...and replace `script.sh` for your actual script – chris-l Aug 04 '13 at 23:44
  • FWIW - bash, arguably the most widely spread shell in the unix world will not allow you to run suid scripts like this anymore. It has a bunch of dummy-checks that will stymie you. Unsure about tcsh. But, given the huge amount of security holes (reading in environment variables and modifying the program, taking advantage of programs that are run without explicit paths (i.e. export PATH=.:$PATH;ln -s /bin/bash ls;./run-script-that-uses-ls-without-specifying-bin-ls') .. It is strongly and consistently advised to all script authors to not use SUID scripts unless you REALLY know what you're doing. – synthesizerpatel Aug 04 '13 at 23:47
  • Hm I see. Say, @Rabin, what does your script do? Why you need root mode on it? – chris-l Aug 04 '13 at 23:49
  • @Chris the root:root worked but the permission is still denied. I am using Minix3. Would that be an issue here? – Rabin Aug 04 '13 at 23:54
  • i am running ifconfig eth0 down for the all users from bash script after login. It's my final project in college, so just trying weird things I guess – Rabin Aug 04 '13 at 23:54
  • ahhh then set the setuid to ifconfig instead. Find out where it is with `whereis ifconfig`. If it is an school project I guess the security hole does not matter, right? (The security hole is that with that, anyone can execute ifconfig like root. Are you ok with that?) – chris-l Aug 04 '13 at 23:57
  • Yes it doens't matter. But just curious if you set the Uid of ifconfig. Can't the user ifconfig eth0 up again from bash ? – Rabin Aug 05 '13 at 00:00
  • YES. That is the hole ;) – chris-l Aug 05 '13 at 00:01
  • Permission denied again. I am doin this in Minix3. – Rabin Aug 05 '13 at 00:09
  • Sorry, maybe is a minix thing. I don't know. In my linux system, it works correctly (I just try it). Maybe you should edit your question and add the minix tag – chris-l Aug 05 '13 at 00:14