  1. What SUID/SGID do I need to add to an sh script to make it executable as root? I want a working script with root rights from the PHP exec function.

    exec('cd /usr/share/htvcenter/local-server/bin/ && ./panelhost-local-server-nfsip >> log.txt');

  2. What must I add to the config file so that it also reads another file as config? I want /etc/exports_add to be treated as a continuation of the config /etc/exports. Is it possible?

butteff
  • (1) Shell scripts [can't be suid](http://stackoverflow.com/questions/18698976/suid-not-working-with-shell-script). It's nothing *in* the file, but just a file flag, btw. (2) Be more precise. – mario Aug 13 '15 at 18:19
  • suid shell scripts are risky. They're generally not allowed, because on some systems there's a small window open where a malicious user can REPLACE the suid'd script between the time the shell fires up and the shell starts loading the script code. – Marc B Aug 13 '15 at 18:20
  • @mario, how can I execute a script with root rights? I need to restart a daemon and add a few strings to a config file. – butteff Aug 13 '15 at 18:23
  • @MarcB, and how can I do secure config changes from a web interface and a daemon restart without a root shell script? – butteff Aug 13 '15 at 18:24
  • that's why there's `sudo`. – Marc B Aug 13 '15 at 18:25
  • @MarcB I can't do sudo from php exec and type a password there – butteff Aug 13 '15 at 18:31
  • http://serverfault.com/questions/160581/how-to-setup-passwordless-sudo-on-linux – Marc B Aug 13 '15 at 18:32
  • @MarcB all other bad things can be done after it without a password, just with sudo. It is not more secure than one SUID for one file, which does one easy thing – butteff Aug 13 '15 at 18:44
  • and how does leaving a shell script with root privs make things better? suid shell scripts are disallowed for exactly this reason. – Marc B Aug 13 '15 at 18:46
  • @MarcB sudo without a password - we can execute all scripts. One script with suid - only one script. – butteff Aug 13 '15 at 18:52
  • @gggigi: Shell script suid root means that any user with write access can replace it if they exploit the window mentioned by @Marc B. On the other hand with `sudo`, only the configured user can execute exactly what has been configured. – Michael Jaros Aug 13 '15 at 18:55
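
The sudo configuration the comments argue about, as an added example that is not part of the thread: the broad passwordless rule next to one limited to the single script from the question. The web server account `www-data` and the drop-in file name are assumptions.

```sudoers
# /etc/sudoers.d/panelhost-nfsip  (file name is an assumption)
# Install as root with mode 0440 and check syntax with: visudo -cf <this file>
# Assumption: PHP runs as the user www-data; substitute the real account.

# Too broad: the web user may run any command as any user without a password.
# www-data ALL=(ALL) NOPASSWD: ALL

# Scoped: the web user may run exactly one program, as root, with no arguments
# (the trailing "" tells sudo to reject any command-line arguments).
www-data ALL=(root) NOPASSWD: /usr/share/htvcenter/local-server/bin/panelhost-local-server-nfsip ""

# The rule is only as tight as the file it names: the script and every
# directory above it must be owned by root and not writable by www-data,
# otherwise the web user can replace what root ends up running.
```

With this rule in place the PHP side calls `sudo -n` followed by the full script path; `-n` makes sudo fail instead of prompting for a password if the rule does not match.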
