barton@killer.DALLAS.TX.US (Barton Fisk) (01/27/89)
I need a user to be able to run a shell script to disable a serial line for dial out. This is due to the fact that the comm prog we are using DOES NOT support ungetty on SCO 2.2. I CAN NOT use cu or uucp for transfer of files to this particular location.

So, in order for me to be able to run this comm prog (Blast), I must first disable the line or I get an error (comm port in use). Then after the transfer is made, I need this script to re-enable the line. In normal everyday operation this line is both dial-in and dial-out.

If anyone can help me do this without having to become root, I would greatly appreciate the help.

Also, when I tried to invoke ungetty from the script before calling in my comm prog, the getty refused to be suspended, and upon trying to dial out afterwards the message "DIALOUT is on tty1A" was produced.

Thanks again for any suggestions.

Barton A. Fisk
Barton A. Fisk & Co., Inc.
P.O. Box 1781
Lake Charles, La. 70602
(318) 439-5984
--------------------------------------------------------
+++++++ Can anything good come out of Louisiana? ++++++
--------------------------------------------------------
jbayer@ispi.UUCP (Jonathan Bayer) (01/28/89)
In article <6932@killer.DALLAS.TX.US> barton@killer.DALLAS.TX.US (Barton Fisk) writes:
>I need a user to be able to run a shell script to disable a serial
>line for dial out.
> [deleted]
>
>So, in order for me to be able to run this comm prog (Blast), I
>must first disable the line or I get an error (comm port in use).
>
>Then after transfer is made, I need this script to re-enable the
>line.

One thing you might try is to write a couple of small programs which would simply call enable and disable with the appropriate uids set. That way you can have a setuid program doing the work without letting anybody become root.

Jb
--
Jonathan Bayer                          Beware: The light at the end of the
Intelligent Software Products, Inc.     tunnel may be an oncoming dragon
19 Virginia Ave.                        ...uunet!ispi!jbayer
Rockville Centre, NY 11570  (516) 766-2867        jbayer@ispi
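The "small setuid program that calls enable or disable" idea suggested above, written out as an added example (this is not code from the thread or from any of its posters). It takes the /bin/enable and /bin/disable paths and the line name tty1A from the thread; the whitelist of permitted lines, the verb names, and the install recipe (owned by root, mode 4750, group "commusers") are my assumptions. The point of the design, as against handing users a general privileged shell, is that the wrapper can only ever run two fixed programs on a fixed set of ttys, with a sanitized environment, so the privilege it carries cannot be redirected at anything else.

```c
/*
 * ttyctl.c - added example of a least-privilege set-user-id wrapper.
 * Runs exactly one of two fixed commands (/bin/enable, /bin/disable)
 * on a whitelisted tty; refuses everything else.
 *
 * Assumed install (not from the thread):
 *   chown root ttyctl; chgrp commusers ttyctl; chmod 4750 ttyctl
 * so only members of the (hypothetical) commusers group can run it.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Lines this wrapper may touch.  tty1A/tty1a are the modem-control and
 * plain names of the port mentioned in the thread; the list itself is an
 * assumption for this example. */
static const char *const allowed_ttys[] = { "tty1A", "tty1a", NULL };

/* Returns 1 if name is exactly one of the whitelisted lines, else 0.
 * Exact string comparison: no prefixes, no path components, so
 * "../tty1A" or "tty1A/../tty2a" can never pass. */
int tty_allowed(const char *name)
{
    const char *const *p;

    if (name == NULL)
        return 0;
    for (p = allowed_ttys; *p != NULL; p++)
        if (strcmp(name, *p) == 0)
            return 1;
    return 0;
}

/* Maps the caller's verb to the fixed program that will be exec'd.
 * Returns the absolute path, or NULL if the verb is not recognised. */
const char *command_for(const char *verb)
{
    if (verb == NULL)
        return NULL;
    if (strcmp(verb, "enable") == 0)
        return "/bin/enable";
    if (strcmp(verb, "disable") == 0)
        return "/bin/disable";
    return NULL;
}

int main(int argc, char *argv[])
{
    const char *prog;
    /* A fixed, minimal environment: whatever enable/disable spawn must
     * not inherit a PATH or IFS chosen by the unprivileged caller. */
    char *const clean_env[] = { "PATH=/bin:/usr/bin", NULL };
    char *args[3];

    if (argc != 3
        || (prog = command_for(argv[1])) == NULL
        || !tty_allowed(argv[2])) {
        fprintf(stderr, "usage: ttyctl enable|disable tty1A\n");
        return 1;
    }

    /* argv[0] of the child is the fixed path, never user input; the only
     * user-controlled byte sequence reaching the child is the whitelisted
     * tty name.  The set-user-id bit supplies the effective uid that
     * enable/disable need; the real uid remains the caller. */
    args[0] = (char *)prog;
    args[1] = argv[2];
    args[2] = NULL;

    execve(prog, args, clean_env);      /* returns only on failure */
    perror(prog);
    return 2;
}
```

Usage: `ttyctl disable tty1A` before starting Blast, `ttyctl enable tty1A` afterwards. Note that the wrapper does nothing about Chip Rosenthal's point later in the thread: whatever enable/disable themselves need (including the right to signal getty) must still be granted by the uid the wrapper runs as.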
root@conexch.UUCP (Larry Dighera) (02/01/89)
In article <6932@killer.DALLAS.TX.US> barton@killer.DALLAS.TX.US (Barton Fisk) writes:
>I need a user to be able to run a shell script to disable a serial
>line for dial out.
>
>If anyone can help me do this without having to become root, I
>would greatly appreciate the help.
>
>Also, when I tried to invoke ungetty from the script before
>calling in my comm prog, the getty refused to be suspended and
>upon trying to dial-out afterwards the message "DIALOUT is on
>tty1A" was produced.
>
>Thanks again for any suggestions.
>
>
>Barton A. Fisk

There are many approaches that can be used to accomplish this. Most of them will require that you trust the user of the communications program to some extent.

Given that the files in question have the following default permissions:

-rwsr-xr-x   1 lp       bin        19500 May 16  1988 /bin/disable
-rwsr-xr-x   1 lp       bin        14932 May 16  1988 /bin/enable
crw-r-----   1 uucp     uucp       5,128 Jan 31 11:54 /dev/tty1A
-rw-rw-r--   1 root     root         304 Jan 31 10:59 /etc/ttys

you could put the communications program user in a unique group during the communications session with the newgrp command, and have the group on the above files set to that group. This is probably the simplest.

The program below will allow users to run execute-only shell scripts as though they were root. So, if you put the disable command (and any other necessary commands) in a small shell script and call that script as an argument to exonly, it should work. You can use group permissions to limit the accessibility of exonly to trusted users. On the other hand, depending on security considerations on the system, you may find this approach unacceptable.

Larry Dighera

=========================== exonly.c begins =============================
/*
 * exonly.c
 * Author: Stephen Kochan
 *
 * exonly opens the (execute-only) shell program,
 * given as the first argument, onto
 * standard input and executes the shell.
 *
 * exonly must be SUID to the owner
 * of the shell program or root.
 *
 * This source is based on the listing in the June '87 issue of
 * UNIX/WORLD Magazine, pp 95.  Entered by Larry Dighera
 * The Consultants' Exchange BBS (714) 842-6348/5851.
 */
#include <stdio.h>
#include <stdlib.h>     /* exit() */
#include <unistd.h>     /* access(), close(), execv(), getuid(), setuid() */
#include <fcntl.h>      /* open(), O_RDONLY */

int main(int argc, char *argv[])
{
    /*
     * Check number of arguments.  If < 2, no file
     * was specified, so generate error message and exit.
     */
    if (argc < 2) {
        fprintf(stderr, "exonly: needs file\n");
        exit(1);
    }

    /*
     * Check accessibility of shell program by REAL uid.
     * access() tests against the real uid, so the caller must
     * hold execute permission on the script in his own right.
     * (There is a window between this check and the open() below
     * during which the name could be repointed at another file,
     * so keep the scripts in a directory the users cannot write.)
     */
    if (access(argv[1], X_OK) == -1) {
        fprintf(stderr, "exonly: cannot execute %s\n", argv[1]);
        exit(2);
    }

    /*
     * Close standard input and re-open with first argument.
     * The open() runs with the EFFECTIVE (setuid) id, which is
     * what lets an execute-only file be read here at all.
     * Generate error message if file can't be opened.
     */
    close(0);
    if (open(argv[1], O_RDONLY) < 0) {
        fprintf(stderr, "exonly: cannot open %s\n", argv[1]);
        exit(3);
    }

    /*
     * Turn off setuid/setgid capability now that file is open.
     * The return values are checked: if the privilege drop fails
     * we must not go on to run a shell.
     *
     * (You may want to comment this out depending on the necessity
     * for your user to have an effective id of root to run
     * the necessary commands.  If you do, remember that the shell
     * inherits the caller's environment, PATH and IFS included.)
     */
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0) {
        fprintf(stderr, "exonly: cannot drop privileges\n");
        exit(5);
    }

    /*
     * Set up argument list to /bin/sh.
     */
    argv[0] = "/bin/sh";
    argv[1] = "-s";             /* reads shell script from stdin */

    /*
     * exec /bin/sh with -s option.  Pass any arguments
     * along in the argv list.  Print error message
     * if we can't exec /bin/sh.
     */
    execv("/bin/sh", argv);
    fprintf(stderr, "exonly: cannot exec /bin/sh\n");
    exit(4);
}
=========================== exonly.c ends =============================
--
USPS: The Consultants' Exchange, PO Box 12100, Santa Ana, CA 92712
TELE: (714) 842-6348: BBS (N81); (714) 842-5851: Xenix guest account (E71)
UUCP: conexch Any ACU 2400 17148425851 ogin:-""-ogin:-""-ogin: nuucp
UUCP: ...!uunet!turnkey!conexch!root || ...!trwrb!ucla-an!conexch!root
chip@vector.UUCP (Chip Rosenthal) (02/02/89)
In article <21372@conexch.UUCP> root@conexch.UUCP (Larry Dighera) writes:
>In article <6932@killer.DALLAS.TX.US> barton@killer.DALLAS.TX.US (Barton Fisk) writes:
>>I need a user to be able to run a shell script to disable a serial line
>Given that the files in question have the following default permissions:

That only gets you past the first problem. Even after you can muck around with /etc/ttys you need permission to kill() getty, which means you need to be root.

I have no idea why enable is setuid lp. Obviously, it is to let a non-privileged person mess with the printers. My only guess is that it is a kludge to get sysadm stuff to work. If so, it is a crummy way of doing it.
--
Chip Rosenthal   chip@vector.UUCP   | Choke me in the shallow water
Dallas Semiconductor 214-450-5337   | before I get too deep.
dave@oldcolo.UUCP (Dave Hughes) (02/09/89)
hello
dave@oldcolo.UUCP (Dave Hughes) (02/09/89)
test 'c'