RE: Allowing users to execute shell scripts without seeing password
- From: Joseph Amalraj <joseph@xxxxxxxxxxxxxx>
- To: "Bobak, Mark" <Mark.Bobak@xxxxxxxxxxxxxxx>, oracle-l@xxxxxxxxxxxxx
- Date: Fri, 17 Feb 2006 16:24:32 -0800 (PST)
Security concerns ? Mark, please elaborate.
Thanks
"Bobak, Mark" <Mark.Bobak@xxxxxxxxxxxxxxx> wrote:
Interesting....I can confirm that it works on Sparc-Solaris 9.
I thought suid shell scripts were a thing of the past, due to security
concerns. Seems they still work.....
-Mark
--
Mark J. Bobak
Senior Oracle Architect
ProQuest Information & Learning
"Exception: Some dividends may be reported as qualified dividends but are
not qualified dividends. These include:
? Dividends you received on any share of stock that you held for less than 61
days during the 121-day period that began 60 days before the ex-dividend date.
The ex-dividend date is the first date following the declaration of a dividend
on which the purchaser of a stock is not entitled to receive the next dividend
payment. When counting the number of days you held the stock, include the day
you disposed of the stock but not the day you acquired it. See the examples
below. Also, when counting the number of days you held the stock, you cannot
count certain days during which your risk of loss was diminished. See Pub. 550
for more details.?
--IRS, Form 1040-A Instruction Booklet, Line 9b: Qualified Dividends
---------------------------------
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On
Behalf Of Joseph Amalraj
Sent: Friday, February 17, 2006 5:04 PM
To: oracle-l@xxxxxxxxxxxxx
Subject: RE: Allowing users to execute shell scripts without seeing password
I think this is plaform dependent.
On HP-UX i created a file under user "oracle" tmp.ksh
> cat tmp.ksh
#!/usr/bin/ksh
date
then ran
chmod 7711 tmp.ksh
> ls -l tmp.ksh
-rws--s--x 1 oracle dba 20 Feb 17 16:51 tmp.ksh
From another user I ran
$ /opt/oracle/tmp.ksh
Fri Feb 17 16:57:06 EST 2006
Saving the file using "vi" resets the mode setuid bit.
So it has to be set again
This doesn't work in AIX
Regards
Joseph
Ken Naim <kennaim@xxxxxxxxx> wrote:
I am probably not be reading enough into the question, but here are my 2
cents; just set permission to execute only with no read or write access.
Ken Naim
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]
On Behalf Of Radoulov, Dimitre
Sent: Friday, February 17, 2006 12:36 PM
To: oracle-l@xxxxxxxxxxxxx
Subject: Re: Allowing users to execute shell scripts without seeing password
Got error, trying to resend ...
> I've been trying to figure out a way that I can have my users allowed
> to login to the server (HP-UX) with their own account and run a shell
> script that's owned my me ...
> but I don't want them to be able to see the password.
> I had no luck just granting them execute on the shell script, they had
> to have read priviledges in order to execute it apparently.
> Any suggestions??
As suggested on comp.unix shell you can use shell script compiler.
You can try Francisco Javier Rosales Garcí¡¦#39;s shc:
Home page:
http://www.datsi.fi.upm.es/~frosal/
Download link:
http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.3.tgz
Regards,
Dimitre
--
//www.freelists.org/webpage/oracle-l
--
//www.freelists.org/webpage/oracle-l
Other related posts: