Once in a blue moon, I run into a problem where an application program needs to run a utility which requires super user privileges. The latest example was the need to set the date and time from a GPS, so the simplest solution was to change the date command to SUID Root.
# whereis date
/bin/date
# chmod u+s /bin/date
A ls -l will now show rws instead of rwx and the date command will run with root privileges when it is launched by an unprivileged user.
Here is a little script that I use to make my life easier in the lab:
#! /bin/bash
echo Set the network utilitites to SUID root so that a common user can run them
chmod u+s /usr/sbin/dhclient
chmod u+s /usr/sbin/ifconfig
chmod u+s /usr/sbin/route
chmod u+s /usr/sbin/ip
chmod u+s /usr/bin/systemctl
You should of course do this with care and think about the security implications when you enable this feature on a command.
La voila!
# whereis date
/bin/date
# chmod u+s /bin/date
A ls -l will now show rws instead of rwx and the date command will run with root privileges when it is launched by an unprivileged user.
Here is a little script that I use to make my life easier in the lab:
#! /bin/bash
echo Set the network utilitites to SUID root so that a common user can run them
chmod u+s /usr/sbin/dhclient
chmod u+s /usr/sbin/ifconfig
chmod u+s /usr/sbin/route
chmod u+s /usr/sbin/ip
chmod u+s /usr/bin/systemctl
You should of course do this with care and think about the security implications when you enable this feature on a command.
La voila!
No comments:
Post a Comment
On topic comments are welcome. Junk will be deleted.