deyrau@ciba-geigy.ch (Dipl agr Veronique Eyraud) (07/31/90)
Thank you for all the replies for the "SUID on scripts" question.
My ultimate goal in this is to allow an operator to log on a "normal"
account and to run a backup procedure reading all or parts of the file
system without beeing root.
Though I have a C procedure calling "bru", on which I have set UID, and
the exe looks like this:
-rwsr-x--- 1 root sys 15984 mybru
The source is the following
main(argc,argv)
int argc;
char **argv;
{
/* system( command ); */
system("ls -l");
system(
"bru -cvn 15-jul-1990 -f /dev/nrtape /usr/focci02/prog/mmod/mm30x");
}
With this, I cannot succeed in reading a protected directory (no read access
for the "other" field,and the owner is from the "user" group), though it
works for the ls command that is called just before.
Is there something in the bru philosophy that says
"Though shalt not backup directories if thee are protected even if though
have SUID root sys ??!!!! "
Any idea ?