I have a script, called rc.antifirewall that uses the /sbin/ipchains program within it to bring down my firewall. Right now, because it uses ipchains, only root can run this script. I would like for regular users to be able to run this script, butI don’t want them to be able to run the ipchains program by itselft, as they currently can’t. I thought the way I should accomplish this was to have the script that I wrote be owned by root, then set the user id bit using chmod u+s rc.antifirewall,and have this file be executable by other. From my understanding, then anyone that ran this script would have the permissions of the owner, root in this case. For some reason when I execute the script when I am a regular user it just tells me ‘permission denied’. All the script does is bring down my firewall and log who brought it down. I am not sure where my flaw is. Here are what my file permissions look like:
-rws–x–x 1 root root 1373 Mar 7 18:38 /etc/rc.d/rc.antifirewall
-rwxr-xr-x 1 root root 39416 Sep 20 1999 /sbin/ipchains
When I add a read permission to other on rc.antifirewall, such as:
-rws–xr-x rc.antifirewall
It get this message:
$ rc.antifirewall
ipchains: Permissiondenied
ipchains: Permission denied (you must be root)
ipchains: Permission denied (you must be root)
ipchains: Permission denied (you must be root)
Any help with this problem is appreciated.