File Access on linux

By cp409sd
I have a script that I have written that uses ipchains to shut down and bring up our firewall. As a normal user, I cannot use this script because I don't have access to run /sbin/ipchains. As root of course I do. I don't want normal users to be able to run the /sbin/ipchains program by itself, but I would like them to be able to use the script I have written, which in turn uses ipchains. I am somewhat new to unix and am not sure how, or if, I can do this. Someone told me that by setting the 'sticky bit' I could accomplish something like this. Thanks for any help you can provide. Also, if someone could clue me in on how the sticky bit works I would appreciate it.

File Access on linux

by zbrain75 In reply to File Access on linux

For information about the sticky bit refer to:
http://ctdp.tripod.com/os/linux/usersguide/index.html

Item 6, "Linux Files and file permissions" explains it.

One possibility is for you to set the user ID bit on the firewall script file. As long as your users have execute permission on the file, they can run it, and the file will execute as though the file's owner is running it. In this case, you would need the file owner to remain as root. The security concern here is that if someone is able to break out of the firewall script program, they would then be running as root! That is why security experts advise using this feature with caution.

Why don't you put the call to your firewall script in /etc/rc.d/rc.sysinit? This is how I call my firewall script, and the users don't need to deal with it. Your situation may be different than mine, however. The rc.sysinit script is run every time the system boots and it is run with root privileges, before any user logins. If you're interested, the How Linux works manual at
http://ctdp.tripod.com/os/linux/howlinuxworks/index.html
explains the boot process.

Hope this helps.
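
As an added example, not part of the thread: a bash check that reports which special bits (setuid, setgid, sticky) are set on a path, and flags a setuid file that is a `#!` script, since Linux ignores the setuid bit on interpreted scripts, or that is writable by group or others. The function names, flag labels and sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): classify special permission bits.

audit_path() {
    path=$1
    flags=""
    [ -e "$path" ] || { echo "missing"; return 1; }
    if [ -u "$path" ]; then flags="$flags setuid"; fi   # runs as file owner
    if [ -g "$path" ]; then flags="$flags setgid"; fi   # runs as file group
    if [ -k "$path" ]; then flags="$flags sticky"; fi   # restricted deletion on dirs
    if [ -f "$path" ] && [ -u "$path" ]; then
        # A "#!" first line means the kernel starts an interpreter;
        # Linux does not honour the setuid bit in that case.
        if [ "$(head -c 2 "$path")" = '#!' ]; then
            flags="$flags script-setuid-ignored"
        fi
        # Group- or world-writable: non-owners could replace what runs as the owner.
        if [ -n "$(find "$path" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            flags="$flags writable-by-others"
        fi
    fi
    flags=${flags# }
    echo "${flags:-none}"
}

# Constructed sample files in a private temp directory; nothing here is executed.
make_samples() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho constructed firewall wrapper\n' > "$d/fw.sh"
    chmod 4755 "$d/fw.sh"
    printf 'constructed non-script payload\n' > "$d/loose"
    chmod 4777 "$d/loose"
    printf 'plain\n' > "$d/plain"
    chmod 644 "$d/plain"
    mkdir "$d/shared"
    chmod 1777 "$d/shared"
    echo "$d"
}

SAMPLES=$(make_samples)
trap 'rm -rf "$SAMPLES"' EXIT
for f in fw.sh loose plain shared; do
    printf '%-8s %s\n' "$f" "$(audit_path "$SAMPLES/$f")"
done
```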

File Access on linux

by cp409sd In reply to File Access on linux

Thanks for the info. Just what I needed.

File Access on linux

by cp409sd In reply to File Access on linux

This question was closed by the author
